Rename STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY to STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY

[BilalG1]

Summary

• Renames the env var STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY to STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY everywhere it is used (20 occurrences across 8 files), covering backend env files, the Prisma seed script, runtime config, and the docker entrypoint/local-emulator scripts.
• Mirrors the prior publishable-client-key rename in Rename STACK_SEED_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY to STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY #1411.

Test plan

• pnpm lint
• pnpm typecheck
• Verify local emulator still boots with the renamed variable
• Verify any deploy/CI configs that set the old name are updated alongside this change

Summary by CodeRabbit

• Chores
  • Updated internal environment variable naming for API key management and server configuration consistency across backend systems, Docker deployment, and local development setup.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stack-auth-hosted-components	Ready	Preview, Comment	May 6, 2026 5:04pm
stack-backend	Ready	Preview, Comment	May 6, 2026 5:04pm
stack-dashboard	Ready	Preview, Comment	May 6, 2026 5:04pm
stack-demo	Ready	Preview, Comment	May 6, 2026 5:04pm
stack-docs	Ready	Preview, Comment	May 6, 2026 5:04pm
stack-preview-backend	Ready	Preview, Comment	May 6, 2026 5:04pm
stack-preview-dashboard	Ready	Preview, Comment	May 6, 2026 5:04pm

[coderabbitai]

Caution

Review failed

Failed to post review comments

📝 Walkthrough

Walkthrough

This PR renames the internal project secret server key environment variable from STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY to STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY across configuration, seeding, application, and Docker setup files, removing the SEED prefix from the variable name throughout the system.

Changes

Internal Secret Server Key Variable Rename

Layer / File(s)	Summary
Environment Configuration apps/backend/.env, apps/backend/.env.development	Environment variable renamed from STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY to STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY with same values.
Server Initialization & Validation docker/server/entrypoint.sh	Entrypoint script updated to validate, generate, and export STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY instead of seed variant; adjusted hex validation and API key bootstrap SQL to use the renamed variable in both local-emulator and standard paths.
Seed & Application Setup apps/backend/prisma/seed.ts, apps/backend/src/stack.tsx	Database seed script and application configuration updated to read STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY for internal API key setup and server configuration.
Local Emulator Setup docker/local-emulator/qemu/cloud-init/emulator/user-data, docker/local-emulator/qemu/run-emulator.sh, docker/local-emulator/rotate-secrets.sh	Cloud-init user-data, emulator runner, and rotate-secrets script updated to use and pass the renamed variable across three locations (env rendering, smoke test, secret rotation).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A seed once sown, now bare its name,
The secret key sheds its PREFIX shame,
From SEED to STACK, the rename flows,
Through configs, scripts, and Docker rows. 🔑✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: renaming a specific environment variable throughout the codebase.
Description check	✅ Passed	The description provides a comprehensive summary of changes, lists affected files, references a related PR, and includes a test plan with clear status indicators.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/rename-seed-env-var

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR renames the environment variable STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY to STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY, mirroring the naming convention established by the prior publishable-client-key rename in #1411. All 20 occurrences across 8 files are updated, and a grep confirms zero remaining uses of the old name in the repository.

• Backend env files and seed script (apps/backend/.env, .env.development, prisma/seed.ts): variable references updated to match the new name, with the error message string also corrected.
• Runtime and Docker scripts (src/stack.tsx, entrypoint.sh, rotate-secrets.sh, user-data, run-emulator.sh): all injection sites, validation loops, SQL upserts, and printf calls now use STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY.

Confidence Score: 5/5

Safe to merge — a mechanical rename with complete coverage, verified by a repo-wide grep showing zero remaining uses of the old name.

Every usage site — env files, seed script, runtime app init, Docker entrypoint, emulator cloud-init, fast-rotate, and the secret-rotation script — has been updated atomically and consistently. No stale references remain anywhere in the repository, including CI/CD workflows.

No files require special attention; all eight changed files carry straightforward one-for-one substitutions.

Important Files Changed

Filename	Overview
apps/backend/.env	Comment-placeholder line renamed; no functional change.
apps/backend/.env.development	Development default value line renamed; no functional change.
apps/backend/prisma/seed.ts	Both the env lookup and the throwErr message string updated to the new variable name.
apps/backend/src/stack.tsx	Single getEnvVariable call updated; straightforward rename.
docker/server/entrypoint.sh	All four usage sites (validation loop, export, default-generation, SQL upsert) updated consistently.
docker/local-emulator/rotate-secrets.sh	Validation loop, env-file write, mirror write, and SQL UPDATE all updated.
docker/local-emulator/qemu/cloud-init/emulator/user-data	Three occurrences in cloud-init shell blocks updated correctly.
docker/local-emulator/qemu/run-emulator.sh	Single printf call in the fast-rotate payload updated.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Environment Variable\nSTACK_INTERNAL_PROJECT_SECRET_SERVER_KEY] --> B{Runtime Mode?}
    B -- "Local Emulator" --> C[entrypoint.sh: require var is set\nvalidate 64-char hex]
    B -- "Standard Docker" --> D[entrypoint.sh: auto-generate\nopenssl rand -base64 32]
    C --> E[Export as\nSTACK_SECRET_SERVER_KEY]
    D --> E
    E --> F[apps/backend/src/stack.tsx\ngetEnvVariable → StackServerApp]
    A --> G[prisma/seed.ts\nupsert internal ApiKeySet]
    A --> H[rotate-secrets.sh\nvalidate + write rotated-secrets.env\nSQL UPDATE ApiKeySet]
    A --> I[user-data / run-emulator.sh\nqemu fast-rotate payload]

Loading

_{Reviews (1): Last reviewed commit: "Rename STACK_SEED_INTERNAL_PROJECT_SECRE..." | Re-trigger Greptile}