Thanks for this article!! I have a question about this bit
// Generate secret hash with crypto to use for encryption
const key = crypto
.createHash('sha512')
.update(secret_key)
.digest('hex')
.substring(0, 32)
const encryptionIV = crypto
.createHash('sha512')
.update(secret_iv)
.digest('hex')
.substring(0, 16)
If I understood correctly, this will generate the key and encryptionIV values, which will be constants, so why not just saving those already calculated values in the .env file directly?
Thanks for this article!! I have a question about this bit
If I understood correctly, this will generate the
keyandencryptionIVvalues, which will be constants, so why not just saving those already calculated values in the .env file directly?It's not a good practice to save them in the env as every encryption hash is expected to have its own unique encryption key.