From 6ff1954bdbab3432807615c70849b181b1bef54b Mon Sep 17 00:00:00 2001 From: Claire Date: Wed, 16 Oct 2024 10:43:45 +0200 Subject: [PATCH] Change Active Record Encryption variable check to check for emptiness (#32537) --- .env.production.sample | 1 + config/initializers/active_record_encryption.rb | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.env.production.sample b/.env.production.sample index 87ea031c4c..3dd66abae4 100644 --- a/.env.production.sample +++ b/.env.production.sample @@ -50,6 +50,7 @@ OTP_SECRET= # Must be available (and set to same values) for all server processes # These are private/secret values, do not share outside hosting environment # Use `bin/rails db:encryption:init` to generate fresh secrets +# Do not change these secrets once in use, as this would cause data loss and other issues # ------------------ # ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= # ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= diff --git a/config/initializers/active_record_encryption.rb b/config/initializers/active_record_encryption.rb index c53f16d4d1..9ae28e401b 100644 --- a/config/initializers/active_record_encryption.rb +++ b/config/initializers/active_record_encryption.rb @@ -10,7 +10,9 @@ ENV[key] = SecureRandom.hex(64) end - value = ENV.fetch(key) do + value = ENV.fetch(key, '') + + if value.blank? abort <<~MESSAGE Mastodon now requires that these variables are set: