@@ -60,10 +60,24 @@ secret
6060
6161**type **: ``string `` **required **
6262
63- This is a string that should be unique to your application. In practice,
64- it's used for generating the CSRF tokens, but it could be used in any other
65- context where having a unique string is useful. It becomes the service container
66- parameter named ``kernel.secret ``.
63+ This is a string that should be unique to your application and it's commonly used
64+ to add more entropy to security related operations. Its value should be series of
65+ characters, numbers and symbols choosen randomly. It's recommended length is
66+ around 32 characters.
67+
68+ In practice, Symfony uses this value for generating the:ref: `CSRF tokens <forms-csrf >`,
69+ for encrypting the cookies used in the:doc: `remember me functionality </cookbook/security/remember_me >`
70+ and for creating signed URIs when using:ref: `ESI (Edge Side Includes) <edge-side-includes >` .
71+
72+ This option becomes the service container parameter named ``kernel.secret ``,
73+ which you can use whenever the application needs a immutable random string
74+ to add more entropy.
75+
76+ As any other security-related parameter, is a good practice to change this
77+ value from time to time. However, keep in mind that changing this value will
78+ invalidate all signed URIs and Remember Me cookies. That's why, after changing
79+ this value, you should regenerate the application cache, delete the HTTP Cache
80+ related cache and log out all the application users.
6781
6882.. _configuration-framework-http_method_override :
6983