Add further warnings about encryption secrets (#32476)
This commit is contained in:
parent
5ee72f0e2d
commit
ee61f7772a
2 changed files with 12 additions and 0 deletions
|
@ -20,6 +20,7 @@
|
|||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
||||
|
||||
Run `bin/rails db:encryption:init` to generate new secrets and then assign the environment variables.
|
||||
Do not change the secrets once they are set, as doing so may cause data loss and other issues that will be difficult or impossible to recover from.
|
||||
MESSAGE
|
||||
end
|
||||
|
||||
|
|
|
@ -7,6 +7,17 @@ namespace :db do
|
|||
namespace :encryption do
|
||||
desc 'Generate a set of keys for configuring Active Record encryption in a given environment'
|
||||
task :init do # rubocop:disable Rails/RakeEnvironment
|
||||
if %w(
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
|
||||
).any? { |key| ENV.key?(key) }
|
||||
pastel = Pastel.new
|
||||
puts pastel.red(<<~MSG)
|
||||
WARNING: It looks like encryption secrets have already been set. Please ensure you are not changing secrets for a Mastodon installation that already uses them, as this will cause data loss and other issues that are difficult to recover from.
|
||||
MSG
|
||||
end
|
||||
|
||||
puts <<~MSG
|
||||
Add the following secret environment variables to your Mastodon environment (e.g. .env.production), ensure they are shared across all your nodes and do not change them after they are set:#{' '}
|
||||
|
||||
|
|
Loading…
Reference in a new issue