Add documentation

README.md

@@ -45,6 +45,21 @@ mittwald_extension_webhook_controllers:
   prefix: /
 ```
 
+### 3. Configure encryption key
+
+> [!IMPORTANT]
+> This step is important for making sure that your extension secrets are stored securely.
+> Without this step, the webhooks will only throw exceptions. It's for your own safety. ;)
+
+The safest way to configure the instance secret encryption key is using an environment variable.
+Place the following configuration in your `services.yaml` and make sure the respective environment variable is defined:
+
+```yaml
+# config/services.yaml
+parameters:
+  mstudio_ext.instance_secret_key: '%env(MSTUDIO_EXTENSION_SECRET_KEY)%'
+```
+
 ## Optional integrations
 
 ### Implementing event handlers

src/Security/ExtensionInstanceSealer.php

@@ -53,6 +53,10 @@ public function sealExtensionInstanceSecret(string $secret): string
             return $secret;
         }
 
+        if ($this->key === "CHANGE_ME") {
+            throw new ExtensionInstanceSealerException("no encryption key was defined; refusing to continue for your own good; read the documentation to learn how to configure an encryption key");
+        }
+
         $length = openssl_cipher_iv_length($this->cipherMethod);
         if ($length === false) {
             throw new ExtensionInstanceSealerException("error while building IV");