fix: API key save network error — add ENCRYPTION_KEY env and auto-migrate

The "Netzwerkfehler beim Speichern des Schlüssels" was caused by two issues:
1. ENCRYPTION_KEY env var was not passed to the Docker container, so
   AES-256-GCM encrypt() threw at runtime on every POST/PATCH.
2. The 0003_tenant_api_keys migration was not in the drizzle journal
   and no migration runner existed in the Docker image.

Changes:
- docker-compose.yml: pass ENCRYPTION_KEY to app container
- .env.example: document ENCRYPTION_KEY with generation command
- .gitignore: allow .env.example to be tracked
- Dockerfile: include drizzle/ migrations and entrypoint script
- entrypoint.sh: run migrations before starting the app
- migrate.mjs: runtime migration script using drizzle-orm migrator
- drizzle journal: register 0003_tenant_api_keys migration

Co-Authored-By: Paperclip <noreply@paperclip.ing>
CTO (LegalAI)
2026-04-09 14:28:19 +00:00
parent 2a7db07d46
commit b22bdd8425
7 changed files with 61 additions and 1 deletions

.env.example Normal file

@@ -0,0 +1,23 @@
# Database
DATABASE_URL=postgresql://legalai:legalai@localhost:5432/legalai
# Authentication
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=your-secret-here
# AI Providers (set the one you use: anthropic, openai, ollama)
AI_PROVIDER=anthropic
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
# Ollama (local LLM)
OLLAMA_URL=http://localhost:11434
OLLAMA_MODEL=llama3
# Search
MEILISEARCH_URL=http://localhost:7700
MEILISEARCH_API_KEY=masterKey
# Encryption (required for per-tenant API key storage)
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
ENCRYPTION_KEY=
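
Review bot: NEXTAUTH_SECRET=your-secret-here and MEILISEARCH_API_KEY=masterKey in the upper part of this new file are usable values if the file is copied to .env unchanged, whereas ENCRYPTION_KEY at the bottom is left blank with a generation command. Suggest leaving all three blank and giving the first two a generation hint the way the ENCRYPTION_KEY comment does, so a copied example cannot silently become a running configuration with known secrets. The ENCRYPTION_KEY comment could also state the expected format (64 hex characters, as produced by the generation command, i.e. 32 bytes) and that the value has to stay the same once tenant API keys are stored, since ciphertext written under one key cannot be decrypted with another. Because the commit message says the missing variable only surfaced as encrypt() throwing on POST/PATCH, a startup check that the value is present and correctly sized would fail earlier and with a clearer error.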