Generated secret key exceeds password max_length validation (43 chars > 40 limit)

[dipaksinha1]

First Check

• I added a very descriptive title here.
• I used the GitHub search to find a similar question and didn't find it.
• I searched in the documentation/README.
• I already searched in Google "How to do X" and didn't find any information.
• I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

• I commit to help with one of those options 👆

Example Code

# Following the README.md instructions to generate a secret key:
  python -c "import secrets; print(secrets.token_urlsafe(32))"

  # Output example (43 characters):
  Z0--srS3q2Gc6TXDdvDmBzfYjrotuAopoJP7jNJ0QJA

  # Using this as FIRST_SUPERUSER_PASSWORD in .env
  # Then running:
  docker compose watch

  # Results in error:
  # pydantic_core._pydantic_core.ValidationError: 1 validation error for 
  UserCreate
  # password
  #   String should have at most 40 characters [type=string_too_long]

Description

The README.md documentation (line 150) instructs users to generate secret
keys using:

python -c "import secrets; print(secrets.token_urlsafe(32))"

However, this command generates 43-character strings, which exceeds the
password validation limit of 40 characters defined in
backend/app/models.py:17.

When following the setup instructions and using the generated key for
FIRST_SUPERUSER_PASSWORD, the prestart container fails during
initialization.

Root cause:

• Password field validation: Field(min_length=8, max_length=40)
• Generated key length: token_urlsafe(32) produces 43 characters

Suggested fix:
Change documentation to use token_urlsafe(24) which generates ~32
characters, safely under the 40-character limit.

Affected files:

• README.md (line 150)
• deployment.md (line 161)
• copier.yml (lines 16, 54)

Operating System

macOS

Operating System Details

Darwin 25.0.0

Python Version

Python 3.10+

Additional Context

This issue affects new users following the official setup guide. The error
only appears after Docker containers are built and the prestart service
tries to create the initial superuser.

I'm happy to submit a PR to fix the documentation once this is confirmed.

[YuriiMotov]

Thanks for reporting!

Sorry, I didn't notice you expressed the intention to open PR and I already opened: #1914

[dipaksinha1]

Thanks, Yurii! Appreciate you jumping on this so quickly.

[YuriiMotov]

#1447 updated the user password length constraint to be 128 characters. This solves the issue