Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Add emphasis on ActiveRecord Encryption configuration values being secret (#30340)

Browse source
This commit is contained in:
Claire 2024-05-17 11:28:40 +02:00 committed by GitHub
parent a627219b25
commit 12472e7f40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
config/initializers/active_record_encryption.rb
View file

@ -5,7 +5,7 @@
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
).each do |key|
ENV.fetch(key) do
value = ENV.fetch(key) do
abort <<~MESSAGE
Mastodon now requires that these variables are set:
@ -14,9 +14,18 @@
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
Run `bin/rails db:encryption:init` to generate values and then assign the environment variables.
Run `bin/rails db:encryption:init` to generate new secrets and then assign the environment variables.
MESSAGE
end
next unless Rails.env.production? && value.end_with?('DO_NOT_USE_IN_PRODUCTION')
abort <<~MESSAGE
It looks like you are trying to run Mastodon in production with a #{key} value from the test environment.
Please generate fresh secrets using `bin/rails db:encryption:init` and use them instead.
MESSAGE
end
Rails.application.configure do