replace ACTIVE_RECORD_ENCRYPTION with ARE to shorten secret name
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
Ammar Hussein 2024-11-22 18:33:45 -08:00
parent 74109d293b
commit a919e1553b
4 changed files with 21 additions and 21 deletions

View File

@ -79,9 +79,9 @@ SECRET_OTP_SECRET_VERSION=v1
SECRET_VAPID_PRIVATE_KEY_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v1
SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION=v1
SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION=v1
SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION=v1
SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
SECRET_ARE_PRIMARY_KEY_VERSION=v1
# Web Push
# ========

View File

@ -136,17 +136,17 @@ secrets_activerecord() {
> /tmp/activerecord.txt
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY /tmp/activerecord.txt | cut -d'=' -f2)
abra app secret insert "$APP_NAME" active_record_encryption_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
abra app secret insert "$APP_NAME" are_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY = $ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
echo ""
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$($grep ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT /tmp/activerecord.txt | cut -d'=' -f2)
abra app secret insert "$APP_NAME" active_record_encryption_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
abra app secret insert "$APP_NAME" are_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT = $ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
echo ""
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY /tmp/activerecord.txt | cut -d'=' -f2)
abra app secret insert "$APP_NAME" active_record_encryption_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
abra app secret insert "$APP_NAME" are_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY = $ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
echo ""

View File

@ -37,13 +37,13 @@ services:
- secret_key_base
- smtp_password
- vapid_private_key
- active_record_encryption_deterministic_key
- active_record_encryption_key_derivation_salt
- active_record_encryption_primary_key
- are_deterministic_key
- are_key_derivation_salt
- are_primary_key
environment: &env
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/active_record_encryption_deterministic_key
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/active_record_encryption_key_derivation_salt
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/active_record_encryption_primary_key
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/are_deterministic_key
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/are_key_derivation_salt
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/are_primary_key
- ALLOW_ACCESS_TO_HIDDEN_SERVICE
- ALTERNATE_DOMAINS
- AUTHORIZED_FETCH
@ -216,14 +216,14 @@ secrets:
smtp_password:
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
external: true
active_record_encryption_deterministic_key:
name: ${STACK_NAME}_active_record_encryption_deterministic_key_${SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION}
are_deterministic_key:
name: ${STACK_NAME}_are_deterministic_key_${SECRET_ARE_DETERMINISTIC_KEY_VERSION}
external: true
active_record_encryption_key_derivation_salt:
name: ${STACK_NAME}_active_record_encryption_key_derivation_salt_${SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION}
are_key_derivation_salt:
name: ${STACK_NAME}_are_key_derivation_salt_${SECRET_ARE_KEY_DERIVATION_SALT_VERSION}
external: true
active_record_encryption_primary_key:
name: ${STACK_NAME}_active_record_encryption_primary_key_${SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION}
are_primary_key:
name: ${STACK_NAME}_are_primary_key_${SECRET_ARE_PRIMARY_KEY_VERSION}
external: true
volumes:

View File

@ -5,7 +5,7 @@ Run `abra app cmd --local <domain> secrets_activerecord` to generate and store t
You will also need to add this to your config (`abra app config <domain>`):
```
SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION=v1
SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION=v1
SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION=v1
SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
SECRET_ARE_PRIMARY_KEY_VERSION=v1
```