chore: add new csrf path and scheduler

apps/api/src/config/env.ts

@@ -36,6 +36,7 @@ export let env = {
     jwtKidPath: p.VAULT_JWT_KID_PATH || 'jwt/kid',
     jwtKidsPrefix: p.VAULT_JWT_KIDS_PREFIX || 'jwt/kids',
     csrfSecretPath: p.VAULT_CSRF_SECRET_PATH || 'cryptowallet/csrf',
+    secretsRefreshMs: parseInt(p.VAULT_SECRETS_REFRESH_MS || '3600000', 10),
   },
   csrf: {
     cookieSecure: p.CSRF_COOKIE_SECURE === 'true',
@@ -86,6 +87,7 @@ export function getVaultToken(): string | null {
   return vaultToken;
 }
 
+
 export async function initEnv(): Promise<void> {
   const { addr, roleId, secretId, mount, secretPath } = env.vault;
 
@@ -111,7 +113,7 @@ export async function initEnv(): Promise<void> {
 
   logger.info('Loaded DB secrets from Vault');
 
-  const maybeCsrf = secrets.CSRF_SECRET_KEY;
+  const maybeCsrf = secrets.CSRF_SECRET_KEY || secrets.key;
   if (maybeCsrf && maybeCsrf.length >= 32) {
     const mod = await import('../services/csrf.service');
     mod.setCsrfSigningKey(maybeCsrf);