Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Generated secret key exceeds password max_length validation (43 chars > 40 limit) #1913

Unanswered
dipaksinha1 asked this question in Questions
Discussion options

First Check

  • I added a very descriptive title here.
  • I used the GitHub search to find a similar question and didn't find it.
  • I searched in the documentation/README.
  • I already searched in Google "How to do X" and didn't find any information.
  • I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

  • I commit to help with one of those options 👆

Example Code

# Following the README.md instructions to generate a secret key:
 python -c "import secrets; print(secrets.token_urlsafe(32))"
 # Output example (43 characters):
 Z0--srS3q2Gc6TXDdvDmBzfYjrotuAopoJP7jNJ0QJA
 # Using this as FIRST_SUPERUSER_PASSWORD in .env
 # Then running:
 docker compose watch
 # Results in error:
 # pydantic_core._pydantic_core.ValidationError: 1 validation error for 
 UserCreate
 # password
 # String should have at most 40 characters [type=string_too_long]

Description

The README.md documentation (line 150) instructs users to generate secret
keys using:

python -c "import secrets; print(secrets.token_urlsafe(32))"

However, this command generates 43-character strings, which exceeds the
password validation limit of 40 characters defined in
backend/app/models.py:17.

When following the setup instructions and using the generated key for
FIRST_SUPERUSER_PASSWORD, the prestart container fails during
initialization.

Root cause:

  • Password field validation: Field(min_length=8, max_length=40)
  • Generated key length: token_urlsafe(32) produces 43 characters

Suggested fix:
Change documentation to use token_urlsafe(24) which generates ~32
characters, safely under the 40-character limit.

Affected files:

  • README.md (line 150)
  • deployment.md (line 161)
  • copier.yml (lines 16, 54)

Operating System

macOS

Operating System Details

Darwin 25.0.0

Python Version

Python 3.10+

Additional Context

This issue affects new users following the official setup guide. The error
only appears after Docker containers are built and the prestart service
tries to create the initial superuser.

I'm happy to submit a PR to fix the documentation once this is confirmed.
You must be logged in to vote

Replies: 1 comment 1 reply

Comment options

Thanks for reporting!

Sorry, I didn't notice you expressed the intention to open PR and I already opened: #1914

You must be logged in to vote
1 reply
Comment options

Thanks, Yurii! Appreciate you jumping on this so quickly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested

AltStyle によって変換されたページ (->オリジナル) /