bknd-production-config_skill

This skill helps you prepare a BKND app for production by configuring production mode, JWT security, guards, CORS, media storage, and deployment readiness.

2

GitHub Stars

1

Bundled Files

3 weeks ago

Catalog Refreshed

2 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstart where the catalogue uses aiagentskills.

npx veilstart add skill cameronapak/bknd-skills --skill bknd-production-config

  • SKILL.md12.4 KB

Overview

This skill helps prepare a Bknd application for secure, reliable production deployment. It guides enabling production mode, locking down authentication and authorization, configuring CORS and media storage, and validating environment variables. The content focuses on concrete configuration snippets, checklist items, and common fixes so you can deploy with confidence.

How this skill works

The skill inspects your intended production settings and explains the code and environment changes required: set isProduction to true, provide a strong JWT secret, enable Guard, and configure storage adapters. It walks through auth cookie settings, CORS origins, media adapters (S3, R2, Cloudinary), and a security checklist to verify before go-live. Sample configuration blocks and platform-specific notes (Vercel, Cloudflare, Docker) make it actionable.

When to use it

  • Before first production deployment to enforce security defaults
  • When migrating from local/dev to a hosted production environment
  • When configuring authentication or changing JWT/cookie behavior
  • When switching media storage from local to cloud adapters
  • When validating CORS, network, and backup requirements

Best practices

  • Set isProduction: true so admin becomes read-only and errors are hidden
  • Generate a cryptographically secure JWT secret (>=32 bytes) and store it in env vars
  • Enable Guard to enforce row-level and role-based permissions
  • Use cloud storage adapters for media; avoid local filesystem in serverless
  • Explicitly list CORS origins and enable credentials only for trusted domains
  • Test production-like settings locally with a gitignored .env.production.local

Example use cases

  • Locking an app before handing over admin access so the schema cannot be changed
  • Switching from local uploads to AWS S3 for a serverless deployment
  • Fixing missing JWT_SECRET startup errors by adding platform secrets
  • Configuring cookies for secure, cross-site-safe authentication in production
  • Enforcing owner-only updates/deletes with Guard row-level filters

FAQ

Development features stay enabled: schema sync, detailed errors, and writable admin—raising security and stability risks.

How do I generate a secure JWT secret?

Use crypto random tools: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" or openssl rand -hex 32, then store the value in an environment variable.

Can I use wildcard CORS in production?

No. Avoid '*' in production. Explicitly list allowed origins and enable credentials only for trusted frontends.

Why enable Guard?

Without Guard enabled, authenticated users may have excessive access. Guard enforces role permissions and row-level filters to protect sensitive data.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
bknd-production-config skill by cameronapak/bknd-skills | VeilStrat