Update doc/2/guides/getting-started/deploy-your-application/index.md

Co-authored-by: Ricky <[email protected]>
kuzzleio · Nov 7, 2024 · 073ef2a · 073ef2a
1 parent 9dbe1b1
commit 073ef2a
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/doc/2/guides/getting-started/deploy-your-application/index.md b/doc/2/guides/getting-started/deploy-your-application/index.md
@@ -49,17 +49,25 @@ A production deployment must include a reverse proxy to securize the connection
 :::
 
 ::: warning
-#### Production Deployment: Auth Token Secret
+# Authentication Security in Production
 
-For every production deployment of Kuzzle, it is essential to set the `kuzzle_security__authToken__secret` environment variable. This ensures that the JWT secrets used for authenticating requests are generated externally and not stored in Elasticsearch. By managing the secret through an environment variable, you enhance security, prevent potential data exposure, and ensure tokens remain valid only as long as the secret remains unchanged.
+## ⚠️ Important Security Requirement
 
-Important: If the `kuzzle_security__authToken__secret` value is changed when Kuzzle restarts, all existing tokens will be invalidated. This ensures that only tokens signed with the current secret remain valid, adding an extra layer of security.
+You must set the `kuzzle_security__authToken__secret` environment variable before deploying Kuzzle to production. This secret is used to sign and verify JSON Web Tokens (JWTs) for user authentication.
 
-For default configuration values, you can refer to [the sample Kuzzle configuration file](https://github.com/kuzzleio/kuzzle/blob/master/.kuzzlerc.sample.jsonc).
+## Why This Matters
+- Prevents tokens from being stored in Elasticsearch
+- Improves overall security
+- Gives you direct control over token management
 
-Note: If the secret is not set, Kuzzle will fallback to a less secure method of generating and storing the secret, which is not recommended for production environments.
-:::
+## Security Notes
+1. **Fallback Warning**: If you don't set this variable, Kuzzle will use a less secure fallback method (not recommended for production)
+2. **Token Invalidation**: Changing the secret value will immediately invalidate all existing authentication tokens
+3. **User Impact**: Users will need to log in again if the secret changes
 
+## Additional Resources
+For other configuration options, see the [sample configuration file](https://github.com/kuzzleio/kuzzle/blob/master/.kuzzlerc.sample.jsonc).
+:::
 ## Prepare our Docker Compose deployment
 
 We are going to write a `docker-compose.yml` file that describes our services.