feat(core): add secret configuration option

[halvaradop]

Description

This pull request introduces the secret configuration option, which allows setting the secret key used to encrypt and sign JWTs and CSRF tokens in the aura-stack/auth package in a declarative way. This new option enables overriding the default usage of the AURA_AUTH_SECRET environment variable by explicitly providing the value to the Aura Auth instance via the secret option.

export const auth = createAuth({
  oauth: ["github"],
  secret: "secret-key"
})

With the new implementation, the secret option takes priority. If it is not provided, Aura Auth will fall back to the AURA_AUTH_SECRET environment variable. If neither is defined, an error will be thrown since a secret is required for security.

Note

For security purposes, aura-auth/jose enforces that the secret must be at least 32 bytes.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
auth	Ready	Preview	Comment	Dec 9, 2025 10:19pm