[Enhancement] Document That Special Characters Are Not Allowed in Invidious Companion Key #648
Description
Description
The current Invidious Companion documentation does not explicitly state that special characters are not allowed in the SERVER_SECRET_KEY environment variable. Additionally, it does not explain why pwgen is recommended for generating the key. This can lead to user confusion when a key with special characters causes a 400 "Bad Request" error without clear guidance. This issue proposes updating the documentation to clarify these points.
Suggested Changes
Update the Invidious Companion installation guide and/or the environment variables wiki to include:
- A clear statement that the
SERVER_SECRET_KEYmust only contain alphanumeric characters (no special characters like#,!, or@). - An explanation that
pwgen(e.g.,pwgen 16 1) is recommended because it generates secure, alphanumeric keys compatible with Invidious Companion’s requirements. - An example of a valid key, e.g.,
fei0Che3aejaelee. - A note that using special characters may result in a 400 "Bad Request" error, with a suggestion to check the key if this error occurs.
Example Documentation Text
SERVER_SECRET_KEY
The SERVER_SECRET_KEY must be a secure, random string used for communication between Invidious and Invidious Companion.
It must:
- Contain only alphanumeric characters (letters A-Z, a-z, and numbers 0-9).
- Avoid special characters (e.g.,
#,!,@, etc.), as they will cause a 400 "Bad Request" error. - Be at least 20 characters long for security.
We recommend generating the key using pwgen on Linux, e.g.:
pwgen 16 1