forked from mirrors/catstodon
Change ActiveRecordEncryption variable to be more explicit (#30151)
This commit is contained in:
parent
9aa31be8d3
commit
33368e3e79
2 changed files with 18 additions and 2 deletions
|
@ -6,9 +6,9 @@
|
||||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
||||||
).each do |key|
|
).each do |key|
|
||||||
ENV.fetch(key) do
|
ENV.fetch(key) do
|
||||||
raise <<~MESSAGE
|
abort <<~MESSAGE
|
||||||
|
|
||||||
The ActiveRecord encryption feature requires that these variables are set:
|
Mastodon now requires that these variables are set:
|
||||||
|
|
||||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
||||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
||||||
|
|
|
@ -1,6 +1,22 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
# We are providing our own task with our own format
|
||||||
|
Rake::Task['db:encryption:init'].clear
|
||||||
|
|
||||||
namespace :db do
|
namespace :db do
|
||||||
|
namespace :encryption do
|
||||||
|
desc 'Generate a set of keys for configuring Active Record encryption in a given environment'
|
||||||
|
task init: :environment do
|
||||||
|
puts <<~MSG
|
||||||
|
Add these environment variables to your Mastodon environment:#{' '}
|
||||||
|
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=#{SecureRandom.alphanumeric(32)}
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=#{SecureRandom.alphanumeric(32)}
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=#{SecureRandom.alphanumeric(32)}
|
||||||
|
MSG
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
namespace :migrate do
|
namespace :migrate do
|
||||||
desc 'Setup the db or migrate depending on state of db'
|
desc 'Setup the db or migrate depending on state of db'
|
||||||
task setup: :environment do
|
task setup: :environment do
|
||||||
|
|
Loading…
Reference in a new issue