feat: generate secret function and replaced few instances (#7810)

This PR fixes #4588

---------

Co-authored-by: Félix Malfait <felix@twenty.com>
Co-authored-by: Charles Bochet <charles@twenty.com>

packages/twenty-website/src/content/developers/self-hosting/cloud-providers.mdx

@@ -5,10 +5,9 @@ image: /images/user-guide/notes/notes_header.png
 ---
 
 <ArticleWarning>
-This document is maintained by the community. It might contain issues.
+  This document is maintained by the community. It might contain issues.
 </ArticleWarning>
 
-
 ## Kubernetes via Terraform and Manifests
 
 Community-led documentation for Kubernetes deployment is available [here](https://github.com/twentyhq/twenty/tree/main/packages/twenty-docker/k8s)
@@ -19,14 +18,12 @@ Community-led, might not be up to date
 
 [![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/twentyhq/twenty)
 
-
-## RepoCloud 
+## RepoCloud
 
 Community-led, might not be up to date
 
 [![Deploy on RepoCloud](https://d16t0pc4846x52.cloudfront.net/deploy.png)](https://repocloud.io/details/?app_id=259)
 
-
 ## Azure Container Apps
 
 Community-led, might not be up to date
@@ -271,11 +268,8 @@ resource "azapi_update_resource" "cors" {
 ```hcl
 # backend.tf
 
-# Create three random UUIDs
-resource "random_uuid" "access_token_secret" {}
-resource "random_uuid" "login_token_secret" {}
-resource "random_uuid" "refresh_token_secret" {}
-resource "random_uuid" "file_token_secret" {}
+# Create a random UUID
+resource "random_uuid" "app_secret" {}
 
 resource "azurerm_container_app" "twenty_server" {
   name                         = local.server_name
@@ -343,20 +337,8 @@ resource "azurerm_container_app" "twenty_server" {
         value = "https://${local.front_app_name}"
       }
       env {
-        name  = "ACCESS_TOKEN_SECRET"
-        value = random_uuid.access_token_secret.result
-      }
-      env {
-        name  = "LOGIN_TOKEN_SECRET"
-        value = random_uuid.login_token_secret.result
-      }
-      env {
-        name  = "REFRESH_TOKEN_SECRET"
-        value = random_uuid.refresh_token_secret.result
-      }
-      env {
-        name  = "FILE_TOKEN_SECRET"
-        value = random_uuid.file_token_secret.result
+        name  = "APP_SECRET"
+        value = random_uuid.app_secret.result
       }
     }
   }
@@ -446,4 +428,4 @@ resource "azurerm_container_app" "twenty_db" {
 
 Please feel free to Open a PR to add more Cloud Provider options.
 
-<ArticleEditContent></ArticleEditContent>
+<ArticleEditContent></ArticleEditContent>

packages/twenty-website/src/content/developers/self-hosting/docker-compose.mdx

@@ -50,23 +50,19 @@ Follow these steps for a manual setup.
 
 2. **Generate Secret Tokens**
 
-    Run the following command four times to generate four unique random strings:
+    Run the following command to generate a unique random string:
     ```bash
     openssl rand -base64 32
     ```
-    **Important:** Keep these tokens secure and do not share them.
+    **Important:** Keep this value secret / do not share it.
 
 3. **Update the `.env`**
 
-    Replace the placeholder values in your .env file with the generated tokens:
+    Replace the placeholder value in your .env file with the generated token:
 
     ```ini
-    ACCESS_TOKEN_SECRET=first_random_string
-    LOGIN_TOKEN_SECRET=second_random_string
-    REFRESH_TOKEN_SECRET=third_random_string
-    FILE_TOKEN_SECRET=fourth_random_string
+    APP_SECRET=first_random_string
     ```
-    **Note:** Only modify these lines unless instructed otherwise.
 
 4. **Set the Postgres Password**
 

packages/twenty-website/src/content/developers/self-hosting/self-hosting-var.mdx

@@ -51,14 +51,11 @@ yarn command:prod cron:calendar:calendar-event-list-fetch
 ### Tokens
 
 <ArticleTable options={[
-    ['ACCESS_TOKEN_SECRET', '<random>', 'Secret used for the access tokens'],
+    ['APP_SECRET', '<random>', 'Secret used for encryption across the app'],
     ['ACCESS_TOKEN_EXPIRES_IN', '30m', 'Access token expiration time'],
-    ['LOGIN_TOKEN_SECRET', '<random>', 'Secret used for the login tokens'],
     ['LOGIN_TOKEN_EXPIRES_IN', '15m', 'Login token expiration time'],
-    ['REFRESH_TOKEN_SECRET', '<random>', 'Secret used for the refresh tokens'],
     ['REFRESH_TOKEN_EXPIRES_IN', '90d', 'Refresh token expiration time'],
     ['REFRESH_TOKEN_COOL_DOWN', '1m', 'Refresh token cooldown'],
-    ['FILE_TOKEN_SECRET', '<random>', 'Secret used for the file tokens'],
     ['FILE_TOKEN_EXPIRES_IN', '1d', 'File token expiration time'],
     ['API_TOKEN_EXPIRES_IN', '1000y', 'API token expiration time'],
     ]}></ArticleTable>

packages/twenty-website/src/content/developers/self-hosting/upgrade-guide.mdx

@@ -103,7 +103,7 @@ The `yarn command:prod upgrade-0.31` takes care of the data migration of all wor
 
 ### Environment Variables
 
-The following environment variables have been changed:
+We have updated the way we handle the Redis connection.
 
 - Removed: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USERNAME`, `REDIS_PASSWORD`
 - Added: `REDIS_URL`
@@ -111,3 +111,10 @@ The following environment variables have been changed:
 Update your `.env` file to use the new `REDIS_URL` variable instead of the individual Redis connection parameters.
 
 <ArticleEditContent></ArticleEditContent>
+
+We have also simplifed the way we handle the JWT tokens.
+
+- Removed: `ACCESS_TOKEN_SECRET`, `LOGIN_TOKEN_SECRET`, `REFRESH_TOKEN_SECRET`, `FILE_TOKEN_SECRET`
+- Added: `APP_SECRET`
+
+Update your `.env` file to use the new `APP_SECRET` variable instead of the individual tokens secrets (you can use the same secret as before or generate a new random string)