diff --git a/.env.example b/.env.example
index 6d24e2b0..1ac9a3fc 100644
--- a/.env.example
+++ b/.env.example
@@ -2,7 +2,7 @@ APP_URL=http://localhost:3000
 PORT=3000
-# make sure to replace this.
+# minimum of 32 characters. Generate one with: openssl rand -hex 32
 APP_SECRET=REPLACE_WITH_LONG_SECRET
 JWT_TOKEN_EXPIRES_IN=30d
diff --git a/apps/server/src/integrations/environment/environment.validation.ts b/apps/server/src/integrations/environment/environment.validation.ts
index cba438e6..fd0b33e7 100644
--- a/apps/server/src/integrations/environment/environment.validation.ts
+++ b/apps/server/src/integrations/environment/environment.validation.ts
@@ -4,6 +4,7 @@ import {
 IsNotIn,
 IsOptional,
 IsUrl,
+ MinLength,
 validateSync,
 } from 'class-validator';
 import { plainToInstance } from 'class-transformer';
@@ -36,6 +37,7 @@ export class EnvironmentVariables {
 APP_URL: string;
 @IsNotEmpty()
+ @MinLength(32)
 @IsNotIn(['REPLACE_WITH_LONG_SECRET'])
 APP_SECRET: string;
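Review bot: `@MinLength(32)` on `APP_SECRET` in the last hunk checks character count only, so a 32-character value with little randomness (a repeated character, a short phrase padded out) still passes validation, even though this secret presumably keys token signing. Because startup will now reject existing deployments whose secret is shorter, I would attach the remediation to the failure itself, e.g. `@MinLength(32, { message: 'APP_SECRET must be at least 32 characters; generate one with: openssl rand -hex 32' })`. A short comment above the decorator saying that this is a length floor and not an entropy check would keep later readers from over-trusting it. The `EnvironmentVariables` class begins and ends outside this hunk, so how validation errors are surfaced to the operator is not visible here.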