Insecure JWT Secret Default Value

ISSUE_NUMBER: GH-003
## Description
The `JWT_SECRET` environment variable defaults to a hardcoded value of `'your-secret-key'` if not explicitly set. This poses a significant security risk, as it allows attackers to easily forge JWT tokens and gain unauthorized access.
**File:** `repositories/jobflowapi/controllers/auth.py`
**Line:** 34
**Severity:** critical
### Current Behavior
The application uses a default JWT secret if the `JWT_SECRET` environment variable is not set.
### Expected Behavior
The application should either:
1.  Refuse to start if the `JWT_SECRET` environment variable is not set.
2.  Generate a cryptographically secure random secret at startup if one is not provided.
### Suggested Fix
1.  Check if `JWT_SECRET` is set. If not, raise an exception or log a critical error and exit.
2.  Implement a mechanism to generate a random, secure secret at startup if one is not provided via environment variable.
### Code Context
```python
JWT_SECRET = os.getenv('JWT_SECRET', 'your-secret-key')
```
### Additional Notes
This is a critical security vulnerability that must be addressed immediately.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Insecure JWT Secret Default Value #32

Description

Current Behavior

Expected Behavior

Suggested Fix

Code Context

Additional Notes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Insecure JWT Secret Default Value #32

Description

Description

Current Behavior

Expected Behavior

Suggested Fix

Code Context

Additional Notes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions