From 75c7c97af75b4156964c4830757ea1346617ee77 Mon Sep 17 00:00:00 2001
From: zznate <zznate.m@gmail.com>
Date: Fri, 10 Oct 2025 08:56:19 +1300
Subject: [PATCH] docs: Comment for complex password requiremens on OpenSearch

---
 .env.example | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.env.example b/.env.example
index f790ce09..eb7edcd3 100644
--- a/.env.example
+++ b/.env.example
@@ -16,6 +16,8 @@ NUDGES_FLOW_ID=ebc01d31-1976-46ce-a385-b0240327226c
 # Set a strong admin password for OpenSearch; a bcrypt hash is generated at
 # container startup from this value. Do not commit real secrets.
 # must match the hashed password in secureconfig, must change for secure deployment!!!
+# NOTE: if you set this by hand, it must be a complex password: 
+# mixed case, numbers, and symbols greater than 10 characters 
 OPENSEARCH_PASSWORD=
 
 # make here https://console.cloud.google.com/apis/credentials