From b9212d9c4150b1beb7f056f5592be3ac0df0a313 Mon Sep 17 00:00:00 2001
From: Florian Heinz
Date: Tue, 21 Apr 2026 21:25:36 +0200
Subject: [PATCH] fix: persist fallback secret key for csrf stability

---
 app/config.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/app/config.py b/app/config.py
index 626e5d1..f3659b9 100644
--- a/app/config.py
+++ b/app/config.py
@@ -10,10 +10,25 @@ def _default_data_dir() -> Path:
     return Path(os.getenv("SALDO_DATA_DIR", Path.cwd() / "instance")).resolve()
 
 
+def _secret_key(data_dir: Path) -> str:
+    configured = os.getenv("SECRET_KEY")
+    if configured:
+        return configured
+
+    secret_file = data_dir / ".secret_key"
+    if secret_file.exists():
+        return secret_file.read_text(encoding="utf-8").strip()
+
+    data_dir.mkdir(parents=True, exist_ok=True)
+    generated = secrets.token_hex(32)
+    secret_file.write_text(generated, encoding="utf-8")
+    return generated
+
+
 class Config:
     APP_NAME = "Saldo"
-    SECRET_KEY = os.getenv("SECRET_KEY") or secrets.token_hex(32)
     DATA_DIR = _default_data_dir()
+    SECRET_KEY = _secret_key(DATA_DIR)
     AVATAR_UPLOAD_DIR = DATA_DIR / "avatars"
     SQLALCHEMY_DATABASE_URI = os.getenv(
         "DATABASE_URL",
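Review bot: `secret_file.write_text(generated, encoding="utf-8")` in `_secret_key` creates `.secret_key` with whatever mode the process umask yields (typically world-readable), so the session/CSRF signing secret becomes readable by any local account, and the separate `exists()` check followed by a write lets two workers that start together each generate a different key and one overwrite the other, which reintroduces the signature mismatch this commit is meant to remove. Creating the file with `os.open(secret_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` addresses both: the owner-only mode is applied atomically at creation, and a `FileExistsError` means another process won the race, in which case the stored key should be read back instead of returning the locally generated one. Separately, a file left empty by an interrupted write yields `""` after `.strip()` and would silently become an empty `SECRET_KEY`; treating a blank read like a missing file would avoid that. `os` is already in scope in this module, so no new import is needed.
```python
def _secret_key(data_dir: Path) -> str:
    # … unchanged: SECRET_KEY env lookup, existing-file read, mkdir …
    generated = secrets.token_hex(32)
    try:
        # O_EXCL makes creation atomic; 0o600 keeps the key readable by the owner only.
        fd = os.open(secret_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        # Another process created the file between the exists() check and here: use its key.
        return secret_file.read_text(encoding="utf-8").strip()
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(generated)
    return generated
```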