Merged
1 change: 1 addition & 0 deletions .vale/styles/Vocab/word_list/accept.txt
Expand Up @@ -78,3 +78,4 @@ AMIs
[Cc]ancelation
Brotli
zlib
autogenerate
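
Review bot: The entry added at the end of the accept list is `autogenerate`, but every use this PR adds to the docs is the inflected form "autogenerated". Confirm the linter accepts that form from this entry, or list `autogenerated` as well.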
14 changes: 6 additions & 8 deletions learn/configuration/instance_options.md
Expand Up @@ -166,12 +166,12 @@ Configures the instance's environment. Value must be either `production` or `dev

`production`:

- Setting a [master key](/learn/security/master_api_keys.md) is **mandatory**
- Setting a [master key](/learn/security/master_api_keys.md) of at least 16 bytes is **mandatory**. If no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key
- The [search preview interface](/learn/what_is_meilisearch/search_preview.md) is disabled

`development`:

- Setting a [master key](/learn/security/master_api_keys.md) is **optional**
- Setting a [master key](/learn/security/master_api_keys.md) is **optional**. If no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key
- Search preview is enabled

::: tip
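
Review bot: The new `production` bullet says a key of at least 16 bytes is mandatory but then only says Meilisearch "will suggest a secure autogenerated master key"; it never says the instance refuses to launch, which the master key section of this same file states. The `development` bullet reuses the identical sentence, so a reader cannot tell the two environments apart on this point. Suggest spelling out the outcome per environment, for example "Meilisearch will refuse to launch and suggest a secure autogenerated master key" under `production`.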
Expand All @@ -192,18 +192,16 @@ Sets the HTTP address and port Meilisearch will use.
**Environment variable**: `MEILI_MASTER_KEY`
**CLI option**: `--master-key`
**Default value**: `None`
**Expected value**: an alphanumeric string
**Expected value**: a UTF-8 string of at least 16 bytes

Sets the instance's master key, automatically protecting all routes except [`GET /health`](/reference/api/health.md). This means you will need an API key to access endpoints such as `POST /search` and `GET /documents`. [You can read more about security keys in Meilisearch in our dedicated guide.](/learn/security/master_api_keys.md)

::: note
You must supply an alphanumeric string when using this option.
:::

Providing a master key is mandatory when `--env` is set to `production`. If none is given, Meilisearch will throw an error and refuse to launch.
Providing a master key is mandatory when `--env` is set to `production`. If none is given, or it is under 16 bytes, Meilisearch will throw an error and refuse to launch.

If no master key is provided in a `development` environment, all routes will be unprotected and publicly accessible.

If you do not supply a master key in `production` or `development` environments or it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key you can use when restarting your instance.

[Learn more about Meilisearch's use of security keys.](/learn/security/master_api_keys.md)

### Disable auto-batching
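
Review bot: The master key section leaves one case undefined: a key under 16 bytes supplied in `development`. The paragraph "If no master key is provided in a `development` environment, all routes will be unprotected" covers only a missing key, and the new final paragraph ("in `production` or `development` environments or it is under 16 bytes") says a key will be suggested but not whether the short key is accepted, ignored or rejected. Since that decides whether routes end up protected, state it explicitly. It would also help to note beside "a UTF-8 string of at least 16 bytes" that the limit counts bytes, not characters.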
2 changes: 1 addition & 1 deletion learn/cookbooks/running_production.md
Expand Up @@ -103,7 +103,7 @@ In Debian and other Linux distributions, `systemd` allows you to create and mana

Service files are text files that tell your operating system how to run your program, and when. They live in the `/etc/systemd/system` directory, and your system will load them at boot time. In this case, let's use a very simple service file that will run Meilisearch on port `7700`.

To run Meilisearch in a production environment, use the `--env` flag. Set the master key using the `--master-key` option. When you launch an instance for the first time, Meilisearch creates two default API keys: [`Default Search API Key` and `Default Admin API Key`](/learn/security/master_api_keys.md#using-default-api-keys-for-authorization). With the `Default Admin API Key`, you can control who can access or create new documents, indexes, or change the configuration.
To run Meilisearch in a production environment, use the `--env` flag. Set a master key of at least 16 bytes using the `--master-key` option. When you launch an instance for the first time, Meilisearch creates two default API keys: [`Default Search API Key` and `Default Admin API Key`](/learn/security/master_api_keys.md#using-default-api-keys-for-authorization). With the `Default Admin API Key`, you can control who can access or create new documents, indexes, or change the configuration.

Remember to choose a safe and random key and avoid exposing it in publicly accessible applications. You can change the master key with the following command:
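
Review bot: The changed sentence gives the 16-byte minimum and the next paragraph asks for "a safe and random key", but nothing in this passage tells the reader how to obtain one. The other files in this PR say Meilisearch suggests a secure autogenerated master key when none or a too-short one is supplied; mention that here, and make clear that 16 bytes is a lower bound on length rather than a measure of randomness.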

2 changes: 1 addition & 1 deletion learn/getting_started/quick_start.md
Expand Up @@ -312,7 +312,7 @@ You should now have a working front-end search interface 🚀🔥

## Securing Meilisearch

The Meilisearch API is unprotected by default, making all routes publicly accessible. You can set a master key to protect your instance from unauthorized use:
The Meilisearch API is unprotected by default, making all routes publicly accessible. You can set a master key of at least 16 bytes to protect your instance from unauthorized use:

:::: tabs

4 changes: 2 additions & 2 deletions learn/security/master_api_keys.md
Expand Up @@ -4,9 +4,9 @@ This guide will teach you how to protect your Meilisearch instance by setting a

## Protecting a Meilisearch instance

**By default, Meilisearch's API is unprotected**. This means all routes are publicly accessible, and require no authorization to access.
**By default, Meilisearch's API is unprotected**. This means all routes are publicly accessible and require no authorization to access.

To protect a Meilisearch instance from unauthorized use, you must supply a master key at launch. This master key can be of any length, but must be composed of valid UTF-8 characters.
To protect a Meilisearch instance from unauthorized use, you must supply a master key at launch. This master key must be at least 16 bytes, composed of valid UTF-8 characters. In a production environment, Meilisearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key.

::: warning
You need to set a master key to access the [`/keys`](/reference/api/keys.md) route. Otherwise, you will get a [`missing_master_key`](/reference/errors/error_codes.md#missing-master-key) error.
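
Review bot: The last sentence of the rewritten paragraph under "Protecting a Meilisearch instance" is a run-on: "...refuse to launch if no master key is provided or if it is under 16 bytes, Meilisearch will suggest a secure autogenerated master key." As written it is unclear whether the suggestion applies only in production or in any environment. Split it into two sentences, one for the refusal to launch in production and one for when the autogenerated key is suggested.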
2 changes: 1 addition & 1 deletion reference/api/overview.md
Expand Up @@ -21,7 +21,7 @@ This API documentation uses the following conventions:

## Authorization

By [providing Meilisearch with a master key at launch](/learn/security/master_api_keys.md#protecting-a-meilisearch-instance), you protect your instance from unauthorized requests. From then on, you must include the `Authorization` header along with a valid API key to access protected routes (all routes except [`/health`](/reference/api/health.md).
By [providing Meilisearch with a master key at launch](/learn/security/master_api_keys.md#protecting-a-meilisearch-instance), you protect your instance from unauthorized requests. The provided master key must be at least 16 bytes. From then on, you must include the `Authorization` header along with a valid API key to access protected routes (all routes except [`/health`](/reference/api/health.md).

<CodeSamples id="authorization_header_1" />
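
Review bot: The parenthesis opened at "(all routes except" in the "Authorization" paragraph is never closed; the changed line carries over the unbalanced text from the line it replaces. Since this line is being edited anyway, close it after the `/health` link. The added sentence "The provided master key must be at least 16 bytes" could also link to the master key option so the requirement is defined in one place.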
