Improve documentation about ASTRO_KEY #11751
Conversation
✅ Deploy Preview for astro-docs-2 ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
Lunaria Status Overview🌕 This pull request will trigger status changes. Learn moreBy default, every PR changing files present in the Lunaria configuration's You can change this by adding one of the keywords present in the Tracked Files
Warnings reference
|
|
Hello! Thank you for opening your first PR to Astro’s Docs! 🎉 Here’s what will happen next:
|
dpuscher
changed the title
dpuscher
force-pushed
the
improve-astro-key-doc
branch
from
f9fe6c7 to
6763471
Compare
|
|
||
| To solve this, you can create a key with the Astro CLI and then reuse it for all of your deployments. This ensures that each user's frontend is talking to a backend that has the right key. | ||
| To ensure both sides use the same key, you must supply the `ASTRO_KEY` environment variable **during the build**. This embeds always the same key into the generated bundle so that encryption and decryption remain in sync. |
There was a problem hiding this comment.
As this is a new paragraph it might be unclear that this only applies if you are doing rolling deployments, and that most users don't need to worry about it.
There was a problem hiding this comment.
Agree, I added an additional note that setting an ASTRO_KEY is probably not needed for most users.
|
|
||
| ### Generating and configuring a reusable key | ||
|
|
||
| Use the Astro CLI to generate a reusable key: |
There was a problem hiding this comment.
I have seen people getting confused, thinking that the required value is just a random string rather than an actual encoded key in a specific format.
There was a problem hiding this comment.
True, I adjusted the last section to make clear that the output ASTRO_KEY is not just a random string but an encoded encryption key
dpuscher
force-pushed
the
improve-astro-key-doc
branch
3 times, most recently
from
8521d5b to
cd42c83
Compare
dpuscher
force-pushed
the
improve-astro-key-doc
branch
from
cd42c83 to
95f6d8a
Compare
| @@ -97,20 +97,26 @@ const productId = url.searchParams.get('product'); | |||
|
|
|||
| ## Reusing the encryption key | |||
There was a problem hiding this comment.
| ## Reusing the encryption key | |
| ## Reusing the encryption key | |
| Astro uses [cryptography](https://developer.mozilla.org/en-US/docs/Glossary/Cryptography) to encrypt props passed to server islands, protecting sensitive data from accidental exposure. This encryption relies on a new, random key that is generated on each build and embedded in the server bundle. | |
| Most deploy hosts will handle keeping your front end and back end in sync automatically. However, you may need a constant encryption key if you are using rolling deployments, multi-region hosting or a CDN that caches pages containing server islands. | |
| In environments with rolling deployments (e.g., Kubernetes) where your frontend assets (which encrypt props) and your backend functions (which decrypt props) may be temporarily using different keys, or when a CDN is still serving pages built with an old key, then encrypted props passed to your server island cannot be decrypted. | |
| In these situations, use the Astro CLI to generate a reusable, encoded encryption key to set as an environment variable in your build environment: | |
| ```shell | |
| astro create-key | |
| ``` | |
| Use this value to configure the `ASTRO_KEY` environment variable (e.g. in a `.env` file) and include it in your CI/CD or host's build settings. This ensures the same key is always reused in the generated bundle so that encryption and decryption remain in sync. |
OK, it's a nightmare to try to make suggestions in the GitHub UI with all the line deletions etc., but here is my suggestion for presenting all this information in a way that conforms to Astro Docs style. (No overuse of notes/asides; combining info to avoid repetition; etc.)
See what you think, and of course, I'll rely on you both for correcting any nuance or facts that might have shifted during the flight. 😄
Description (required)
This PR refines the "Reusing the encryption key" section in the Server Islands guide to enhance clarity and conciseness. The updated content emphasizes the necessity of setting
ASTRO_KEYduring the build phase.Related issues & labels (optional)
docs