Security problem in `/config/admin.js`

[coolansplanet]

I can see the ADMIN_JWT_SECRET into a raw string instead of an environment variable

[johnbeynon]

That's provided as a default - if you set ADMIN_JWT_SECRET environment variable yourself that that default wouldn't be used.