generated from coop-cloud/example
replace ACTIVE_RECORD_ENCRYPTION with ARE to shorten secret name
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
74109d293b
commit
a919e1553b
@ -79,9 +79,9 @@ SECRET_OTP_SECRET_VERSION=v1
|
||||
SECRET_VAPID_PRIVATE_KEY_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION=v1
|
||||
SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION=v1
|
||||
SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION=v1
|
||||
SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
|
||||
SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
|
||||
SECRET_ARE_PRIMARY_KEY_VERSION=v1
|
||||
|
||||
# Web Push
|
||||
# ========
|
||||
|
6
abra.sh
6
abra.sh
@ -136,17 +136,17 @@ secrets_activerecord() {
|
||||
> /tmp/activerecord.txt
|
||||
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
||||
abra app secret insert "$APP_NAME" active_record_encryption_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
||||
abra app secret insert "$APP_NAME" are_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
||||
echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY = $ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
||||
echo ""
|
||||
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$($grep ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT /tmp/activerecord.txt | cut -d'=' -f2)
|
||||
abra app secret insert "$APP_NAME" active_record_encryption_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
||||
abra app secret insert "$APP_NAME" are_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
||||
echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT = $ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
||||
echo ""
|
||||
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
||||
abra app secret insert "$APP_NAME" active_record_encryption_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
||||
abra app secret insert "$APP_NAME" are_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
||||
echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY = $ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
||||
echo ""
|
||||
|
||||
|
24
compose.yml
24
compose.yml
@ -37,13 +37,13 @@ services:
|
||||
- secret_key_base
|
||||
- smtp_password
|
||||
- vapid_private_key
|
||||
- active_record_encryption_deterministic_key
|
||||
- active_record_encryption_key_derivation_salt
|
||||
- active_record_encryption_primary_key
|
||||
- are_deterministic_key
|
||||
- are_key_derivation_salt
|
||||
- are_primary_key
|
||||
environment: &env
|
||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/active_record_encryption_deterministic_key
|
||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/active_record_encryption_key_derivation_salt
|
||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/active_record_encryption_primary_key
|
||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/are_deterministic_key
|
||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/are_key_derivation_salt
|
||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/are_primary_key
|
||||
- ALLOW_ACCESS_TO_HIDDEN_SERVICE
|
||||
- ALTERNATE_DOMAINS
|
||||
- AUTHORIZED_FETCH
|
||||
@ -216,14 +216,14 @@ secrets:
|
||||
smtp_password:
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
external: true
|
||||
active_record_encryption_deterministic_key:
|
||||
name: ${STACK_NAME}_active_record_encryption_deterministic_key_${SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION}
|
||||
are_deterministic_key:
|
||||
name: ${STACK_NAME}_are_deterministic_key_${SECRET_ARE_DETERMINISTIC_KEY_VERSION}
|
||||
external: true
|
||||
active_record_encryption_key_derivation_salt:
|
||||
name: ${STACK_NAME}_active_record_encryption_key_derivation_salt_${SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION}
|
||||
are_key_derivation_salt:
|
||||
name: ${STACK_NAME}_are_key_derivation_salt_${SECRET_ARE_KEY_DERIVATION_SALT_VERSION}
|
||||
external: true
|
||||
active_record_encryption_primary_key:
|
||||
name: ${STACK_NAME}_active_record_encryption_primary_key_${SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION}
|
||||
are_primary_key:
|
||||
name: ${STACK_NAME}_are_primary_key_${SECRET_ARE_PRIMARY_KEY_VERSION}
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
|
@ -5,7 +5,7 @@ Run `abra app cmd --local <domain> secrets_activerecord` to generate and store t
|
||||
You will also need to add this to your config (`abra app config <domain>`):
|
||||
|
||||
```
|
||||
SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION=v1
|
||||
SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION=v1
|
||||
SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION=v1
|
||||
SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
|
||||
SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
|
||||
SECRET_ARE_PRIMARY_KEY_VERSION=v1
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user