mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-23 00:30:57 +01:00
Add further warnings about encryption secrets (#32476)
This commit is contained in:
parent
cc70acc11c
commit
ffa1032381
2 changed files with 12 additions and 0 deletions
|
@ -20,6 +20,7 @@
|
||||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
||||||
|
|
||||||
Run `bin/rails db:encryption:init` to generate new secrets and then assign the environment variables.
|
Run `bin/rails db:encryption:init` to generate new secrets and then assign the environment variables.
|
||||||
|
Do not change the secrets once they are set, as doing so may cause data loss and other issues that will be difficult or impossible to recover from.
|
||||||
MESSAGE
|
MESSAGE
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,17 @@ namespace :db do
|
||||||
namespace :encryption do
|
namespace :encryption do
|
||||||
desc 'Generate a set of keys for configuring Active Record encryption in a given environment'
|
desc 'Generate a set of keys for configuring Active Record encryption in a given environment'
|
||||||
task :init do # rubocop:disable Rails/RakeEnvironment
|
task :init do # rubocop:disable Rails/RakeEnvironment
|
||||||
|
if %w(
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
||||||
|
).any? { |key| ENV.key?(key) }
|
||||||
|
pastel = Pastel.new
|
||||||
|
puts pastel.red(<<~MSG)
|
||||||
|
WARNING: It looks like encryption secrets have already been set. Please ensure you are not changing secrets for a Mastodon installation that already uses them, as this will cause data loss and other issues that are difficult to recover from.
|
||||||
|
MSG
|
||||||
|
end
|
||||||
|
|
||||||
puts <<~MSG
|
puts <<~MSG
|
||||||
Add the following secret environment variables to your Mastodon environment (e.g. .env.production), ensure they are shared across all your nodes and do not change them after they are set:#{' '}
|
Add the following secret environment variables to your Mastodon environment (e.g. .env.production), ensure they are shared across all your nodes and do not change them after they are set:#{' '}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue