diff --git a/templates/adventurelog/.felhom.yml b/templates/adventurelog/.felhom.yml
index d1d1dcd..9980b4e 100644
--- a/templates/adventurelog/.felhom.yml
+++ b/templates/adventurelog/.felhom.yml
@@ -37,6 +37,11 @@ deploy_fields:
 type: secret
 generate: "hex:32"
 locked_after_deploy: true
+ # Data-encrypting key: the app secures stored data with it, so it must NOT be regenerated on
+ # restore (that would render restored data unreadable). The recovery unit stays secret-free; at
+ # restore the controller recovers this key from the guest's own app.yaml (live, or via the PBS
+ # whole-guest snapshot) and FAILS CLOSED (refuse + warn) if it cannot — never silently restores.
+ data_key: true
 - env_var: DB_PASSWORD
 label: "Adatbázis jelszó"
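Review bot: The comment added above `data_key: true` says the key is recovered from the guest's own app.yaml, live or via the PBS whole-guest snapshot, which implies that snapshot carries the data-encrypting key next to the data it protects; the comment should say so, because "the recovery unit stays secret-free" can be read as the backups holding no key material at all. Read access to the snapshot would then be enough to read the stored data, so the backup datastore's access control and encryption become the effective protection for this key. I would add one line such as `# NOTE: the whole-guest snapshot therefore contains this key; restrict access to the backup datastore and encrypt it.` The field's `env_var` line sits above the hunk, so which variable the flag applies to is not visible here.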