Security Fixes

src/main/resources/application.yml

@@ -72,7 +72,9 @@ fitpub:
   # Security settings
   security:
     jwt:
-      secret: ${JWT_SECRET:change-this-secret-key-in-production-must-be-at-least-32-characters-long}
+      # JWT_SECRET must be set explicitly. The dev profile (application-dev.yml) provides a development default;
+      # production deployments without JWT_SECRET set will fail to start.
+      secret: ${JWT_SECRET:}
       expiration: 86400000 # 24 hours in milliseconds
 
   # Registration settings