The secret string Better Auth uses to sign and verify user sessions — the master key that stops anyone from faking a logged-in state. Set it as an environment variable in production, and if it ever leaks, treat every session as compromised.