chore: update sourcebot encryption key message to include info about invalidating api keys

brendan-kellam · brendan-kellam · commit 496b09a31efa · 2026-06-16T19:29:43.000-07:00
diff --git a/packages/shared/src/env.server.ts b/packages/shared/src/env.server.ts
@@ -342,7 +342,7 @@ const options = {
         // requirement means this must be exactly 32 characters. Generate one with
         // `openssl rand -base64 24` (24 random bytes => a 32-character base64 string).
         SOURCEBOT_ENCRYPTION_KEY: z.string().length(32, {
-            message: "SOURCEBOT_ENCRYPTION_KEY must be exactly 32 characters (a 256-bit AES key). Generate one with `openssl rand -base64 24`.",
+            message: "SOURCEBOT_ENCRYPTION_KEY must be exactly 32 characters (a 256-bit AES key). Generate one with `openssl rand -base64 24`.\nWARNING: Updating this value will invalidate any existing API keys.",
         }),
         SOURCEBOT_INSTALL_ID: z.string().default("unknown"),
         SOURCEBOT_LIGHTHOUSE_URL: z.string().url().default("https://deployments.sourcebot.dev"),
