Description
The current Invidious Companion documentation does not explicitly state that special characters are not allowed in the SERVER_SECRET_KEY environment variable. Additionally, it does not explain why pwgen is recommended for generating the key. This can lead to user confusion when a key with special characters causes a 400 "Bad Request" error without clear guidance. This issue proposes updating the documentation to clarify these points.
Suggested Changes
Update the Invidious Companion installation guide and/or the environment variables wiki to include:
- A clear statement that the
SERVER_SECRET_KEY must only contain alphanumeric characters (no special characters like #, !, or @).
- An explanation that
pwgen (e.g., pwgen 16 1) is recommended because it generates secure, alphanumeric keys compatible with Invidious Companion’s requirements.
- An example of a valid key, e.g.,
fei0Che3aejaelee.
- A note that using special characters may result in a 400 "Bad Request" error, with a suggestion to check the key if this error occurs.
Example Documentation Text
SERVER_SECRET_KEY
The SERVER_SECRET_KEY must be a secure, random string used for communication between Invidious and Invidious Companion.
It must:
- Contain only alphanumeric characters (letters A-Z, a-z, and numbers 0-9).
- Avoid special characters (e.g.,
#, !, @, etc.), as they will cause a 400 "Bad Request" error.
- Be at least 20 characters long for security.
We recommend generating the key using pwgen on Linux, e.g.:
Description
The current Invidious Companion documentation does not explicitly state that special characters are not allowed in the
SERVER_SECRET_KEYenvironment variable. Additionally, it does not explain whypwgenis recommended for generating the key. This can lead to user confusion when a key with special characters causes a 400 "Bad Request" error without clear guidance. This issue proposes updating the documentation to clarify these points.Suggested Changes
Update the Invidious Companion installation guide and/or the environment variables wiki to include:
SERVER_SECRET_KEYmust only contain alphanumeric characters (no special characters like#,!, or@).pwgen(e.g.,pwgen 16 1) is recommended because it generates secure, alphanumeric keys compatible with Invidious Companion’s requirements.fei0Che3aejaelee.Example Documentation Text
SERVER_SECRET_KEY
The
SERVER_SECRET_KEYmust be a secure, random string used for communication between Invidious and Invidious Companion.It must:
#,!,@, etc.), as they will cause a 400 "Bad Request" error.We recommend generating the key using
pwgenon Linux, e.g.: