fix: correct ENCRYPTION_KEY example and improve .env.example developer guidance

[yash27007]

This PR improves the developer onboarding experience by fixing and clarifying the .env.example file used for local development.

What was wrong

The previous ENCRYPTION_KEY example caused the backend to fail during migrations with:

Error: Invalid key length

This happens because the example key provided did not match the expected size required by Infisical’s cryptography module.

What this PR changes

• Replaces the sample ENCRYPTION_KEY with a valid-length base64 key to avoid runtime crypto errors.
• Adds a comment explaining the key length requirement.
• Improves comments around key usage to guide new developers.
• Enhances onboarding clarity without introducing any breaking changes.

Why this helps

New contributors following the development docs were hitting boot-up migration failures due to the invalid sample key.
Fixing this removes a common point of confusion and creates a smoother, more reliable local setup experience — especially for first-time contributors.

Type

• Improvement
• Documentation

Tests

Steps taken:

1. Rebuilt and recreated all dev containers using:

   docker compose -f docker-compose.dev.yml up --build --force-recreate

2. Verified backend starts without crypto initialization errors.

3. Confirmed migrations run successfully using the corrected key.

No additional dependencies required.

---

• I have read the contributing guide and agree to the code of conduct. 📝

---

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

Fixes critical developer onboarding issue by correcting the ENCRYPTION_KEY format in .env.example. The previous base64-formatted example caused "Invalid key length" errors during migrations. Changes include:

• Replaced sample ENCRYPTION_KEY with a valid 16-byte hex string (down from 32-byte base64)
• Added comment explaining the requirement and generation command (openssl rand -hex 16)
• Added generation command for AUTH_SECRET (openssl rand -base64 32)
• Clarified SITE_URL must include protocol

The changes align with the existing documentation at docs/self-hosting/configuration/envars.mdx which already specifies the 16-byte hex requirement. The code at backend/src/lib/crypto/cryptography/crypto.ts:310-323 treats ENCRYPTION_KEY as a 128-bit UTF8-encoded key (32 chars as hex = 128 bits), whereas the old base64 value was being interpreted as 256 bits, causing the mismatch.

Confidence Score: 5/5

• This PR is safe to merge with no risks - it only updates documentation and example values
• The PR fixes a legitimate bug in the example environment file. The new key format matches both the documentation (docs/self-hosting/configuration/envars.mdx:13-16) and the code's expectations (backend/src/lib/crypto/cryptography/crypto.ts:310-323). No functional code changes, only improvements to developer documentation.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
.env.example	4/5	Fixed ENCRYPTION_KEY format from base64 to 16-byte hex and improved documentation with generation commands

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}