
Misleading Statements About APP_SECRET #21372

@miqrogroove


The ``secret`` option is no longer required starting from Symfony 7.2. By
default, ``%kernel.secret%`` is used, which is defined using the
``APP_SECRET`` environment variable.

The examples combined with the statement "option is no longer required" led me to a spectacular failure of my production site.

For context, I found this blog post with equally misleading statements:

https://symfony.com/blog/new-in-symfony-7-2-optional-secret

"With these changes, if you enable a feature that requires a secret but have not configured one, Symfony will throw an exception with a clear message explaining how to resolve the issue.

Finally, to improve DX (developer experience) during local development, Symfony automatically generates a secret value for the local environment when creating a new application. This value is stored in the .env.dev file, which is a safer practice compared to the previous approach."

So we now have the following ingredients:

  1. Documentation says the secret configuration is no longer required.
  2. Blog says the secret is provided automatically, and with clear messages.
  3. Production environment has no configured secret.
  4. Production environment throws a generic error page with no relevant message and no log output.
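
A deploy-time check for the situation listed above, as an added example that is not part of the original issue or Symfony's own code: it resolves `APP_SECRET` for a chosen `APP_ENV` using Symfony Dotenv's file load order, so a secret that exists only in `.env.dev` shows up as missing for `prod`. The function names, the simplified `KEY=VALUE` parsing and the sample project are assumptions of this sketch, and a dumped `.env.local.php` is not handled.

```python
import os
import tempfile
from pathlib import Path

def parse_env_file(path):
    """Parse plain KEY=VALUE lines (assumption: no interpolation or inline comments)."""
    values = {}
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def resolve_app_secret(project_dir, app_env, real_env=None):
    """Return (value, source) for APP_SECRET, following Symfony Dotenv's load order."""
    real_env = os.environ if real_env is None else real_env
    if "APP_SECRET" in real_env:  # a real environment variable beats every .env file
        return real_env["APP_SECRET"], "environment"
    files = [".env"]
    if app_env != "test":  # .env.local is not loaded in the test environment
        files.append(".env.local")
    files += [f".env.{app_env}", f".env.{app_env}.local"]
    value, source = None, None
    for name in files:  # later files override earlier ones
        path = Path(project_dir) / name
        if path.is_file():
            parsed = parse_env_file(path)
            if "APP_SECRET" in parsed:
                value, source = parsed["APP_SECRET"], name
    return value, source

def demo():
    """Constructed project: the secret exists only in .env.dev, as the blog describes."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".env").write_text("APP_ENV=dev\nAPP_SECRET=\n")
        Path(d, ".env.dev").write_text("APP_SECRET=constructed-dev-only-value\n")
        return {env: resolve_app_secret(d, env, real_env={}) for env in ("dev", "prod")}

if __name__ == "__main__":
    for env, (value, source) in demo().items():
        status = "ok" if value else "MISSING OR EMPTY"  # never print the secret itself
        print(f"APP_ENV={env}: APP_SECRET {status} (source: {source})")
```

Run against a real checkout with `resolve_app_secret(project_dir, "prod")` in the deployment environment, and fail the deploy when the returned value is empty or `None`.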
