From 3911bb08526191b1fba3c648376f330f8d04dd6b Mon Sep 17 00:00:00 2001
From: tennisleng <tennisleng@users.noreply.github.com>
Date: Sat, 8 Nov 2025 15:21:49 -0500
Subject: [PATCH] docs: document NEXT_SERVER_ACTIONS_ENCRYPTION_KEY requirement

Signed-off-by: Andrew Leng <work@Andrews-MacBook-Air.local>
---
 README.md          | 12 ++++++++++++
 docker-compose.yml |  1 +
 2 files changed, 13 insertions(+)

diff --git a/README.md b/README.md
index 08648c0a..b4568535 100644
--- a/README.md
+++ b/README.md
@@ -54,12 +54,24 @@ Create an `.env` file with the following:
 DATABASE_URL=connection-url
 ```
 
+If you are running Umami v3 or newer you must also set the encryption key required by Next.js Server Actions:
+
+```bash
+NEXT_SERVER_ACTIONS_ENCRYPTION_KEY=your-64-character-hex-string
+```
+
 The connection URL format:
 
 ```bash
 postgresql://username:mypassword@localhost:5432/mydb
 ```
 
+You can generate a secure 64-character hex encryption key (32 random bytes) with:
+
+```bash
+openssl rand -hex 32
+```
+
 ### Build the Application
 
 ```bash
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c8a47a6..75c247fb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,7 @@ services:
       DATABASE_URL: postgresql://umami:umami@db:5432/umami
       DATABASE_TYPE: postgresql
       APP_SECRET: replace-me-with-a-random-string
+      NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: replace-me-with-a-64-character-hex-string
     depends_on:
       db:
         condition: service_healthy