docs: don't propose setting a random masterkey to env (#7495)

* docs: don't suggest setting a random masterkey to env

* read masterkey from file

* read masterkey from file

docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx

@@ -53,10 +53,10 @@ wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosti
 # Download and adjust the example configuration file containing database initialization configuration.
 wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
 
-# A single ZITADEL instance always needs the same 32 characters long masterkey
+# A single ZITADEL instance always needs the same 32 bytes long masterkey
-# If you haven't done so already, you can generate a new one.
+# Generate one to a file if you haven't done so already and pass it as environment variable
-# For example:
+tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
-export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
+export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"
 
 # Run the database and application containers
 docker compose up --detach

docs/docs/self-hosting/manage/configure/_compose.mdx

@@ -34,10 +34,10 @@ wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosti
 # Download and adjust the example configuration file containing database initialization configuration.
 wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-init-steps.yaml
 
-# A single ZITADEL instance always needs the same 32 characters long masterkey
+# A single ZITADEL instance always needs the same 32 bytes long masterkey
-# If you haven't done so already, you can generate a new one
+# Generate one to a file if you haven't done so already and pass it as environment variable
-# For example:
+tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
-export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
+export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"
 
 # Run the database and application containers
 docker compose up --detach

docs/docs/self-hosting/manage/configure/_linuxunix.mdx

@@ -55,11 +55,10 @@ export ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
 export ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME="root"
 export ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD="RootPassword1!"
 
-# A single ZITADEL instance always needs the same 32 characters long masterkey
+# A single ZITADEL instance always needs the same 32 bytes long masterkey
-# If you haven't done so already, you can generate a new one
+# Generate one to a file if you haven't done so already and pass it as environment variable
-# The key must be passed as argument
+tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
-export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
 
 # Let the zitadel binary read configuration from environment variables
-zitadel start-from-init --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled
+zitadel start-from-init --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled --masterkeyFile ./zitadel-masterkey
 ```