Reject master keys shorter than 16 bytes in production

text/0085-api-keys.md

@@ -41,15 +41,16 @@ At the first launch of Meilisearch with a master key, Meilisearch automatically
 
 If the master key is removed at Meilisearch launch, the previously generated API keys no longer secure the Meilisearch instance.
 
-If Meilisearch is launched with the `production` value for the `MEILI_ENV` environment variable or the `--env` CLI option, a master key is mandatory. If the master key is omitted in that particular case, Meilisearch launch is aborted and displays an error:
+If Meilisearch is launched with the `production` value for the `MEILI_ENV` environment variable or the `--env` CLI option, a master key of at least 16 characters is mandatory. If the master key is omitted in that particular case, or is too short, Meilisearch launch is aborted and displays an error:
 
-`Error: In production mode, the environment variable MEILI_MASTER_KEY is mandatory`
+- `Error: In production mode, the environment variable MEILI_MASTER_KEY is mandatory` if the key is omitted.
+- `Error: In production mode, the Master Key must be of at least 16 characters, but the provided key is only :numChars characters long` if the key is too short (`numChars` is inferred in the error message).
 
 The master key must be composed of valid utf-8 characters. It is advisable to enclose it in `'` when specified via the `--master-key` option.
 
 > 🚨 The master key should never be exposed to the public as it may compromise a Meilisearch instance.
 
-> 🚨 If the value of the master key changes, all the previously generated `API Keys` changes, thus allows to invalidate the set of API keys previously generated by regenerating a different value for their `key` field. This is particularly useful in the case where the master key might have been leaked and the user need to re-generate the whole set of keys at once to re-secure the instance.
+> 🚨 If the value of the master key changes, all the previously generated `API Keys` changes, thus allowing to invalidate the set of API keys previously generated by regenerating a different value for their `key` field. This is particularly useful in the case where the master key might have been leaked and the user needs to re-generate the whole set of keys at once to re-secure the instance.
 
 > The master key does not appear on the `/keys` endpoints and can't be used to authorize requests other than on the `/keys` endpoint.
 

text/0119-instance-options.md

@@ -142,12 +142,13 @@ Configures the instance's environment. Value must be either `production` or `dev
 
 `production`:
 
-- Setting a master key is **mandatory**
+- Setting a master key of at least 16 characters is **mandatory**
 - The search preview interface is disabled
 
 `development`:
 
 - Setting a master key is **optional**
+- Setting a master key of at least 16 characters is **optional**
 - Search preview is enabled
 
 #### 3.3.3. HTTP address & port binding
@@ -170,7 +171,7 @@ Sets the instance's master key, automatically protecting all routes except [`GET
 
 You must supply an alphanumeric string when using this option.
 
-Providing a master key is mandatory when `--env` is set to `production`; if none is given, then Meilisearch will throw an error and refuse to launch.
+Providing a master key of at least 16 characters is mandatory when `--env` is set to `production`; if none is given, or if it is too short, then Meilisearch will throw an error and refuse to launch.
 
 If no master key is provided in a `development` environment, all routes will be unprotected and publicly accessible.
 
@@ -476,4 +477,3 @@ N/A
 
 - Redo the command-line to create a more interactive CLI
 - Autocomplete for the options when using the Meilisearch CLI
-- Minimal requirement when setting the master key, for example, a minimal number of characters