PPM Encryption Key #71
Description
Currently we don't explicitly manage the PPM encryption key. The PPM instance manages its own key and generates a new key during version upgrades. Tokens that we give to teams for remote administration, generated with rspm create-token, become invalidated against the server's new encryption key. (Discovered via internal Slack discussion)
Instead, we should explicitly generate and manage the encryption key for the instance and set it in the PACKAGEMANAGER_ENCRYPTION_KEY env var.
Official docs: https://docs.posit.co/rspm/admin/appendix/encryption/
This way all remote administration tokens we give to folks will continue working across server upgrades.