add command to generate activerecord secrets #16

Merged
decentral1se merged 1 commits from benjaminlyng/mastodon:docs/add_generate_secrets_command into main 2025-04-20 05:44:00 +00:00
Contributor

This command could probably just be called from the `secrets` command instead?
benjaminlyng added 1 commit 2025-04-19 04:39:24 +00:00
add command to generate activerecord secrets
Some checks failed
continuous-integration/drone/pr Build is failing
1547cddb7c
benjaminlyng requested review from decentral1se 2025-04-19 04:39:24 +00:00
Owner

> This command could probably just be called from the `secrets` command instead?

It looks pretty involved, so `abra app secret generate` can't produce the value it wants?

abra.sh Lines 121 to 154 in 7bb4a5d2e4
secrets_activerecord() {
    set -e
    docker context use default > /dev/null 2>&1
    MASTO_VERSION="v4.3.1"
    echo "Generating activerecord secrets for an updated deployment"
    echo ""
    # Mastodon's rake task prints one KEY=value line per secret. Capture it in a
    # private temp file rather than the predictable /tmp/activerecord.txt, so
    # another local user cannot pre-create or read the file holding the keys.
    ARE_OUTPUT=$(mktemp)
    docker run \
        -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
        -e OTP_SECRET="$OTP_SECRET" \
        --rm tootsuite/mastodon:$MASTO_VERSION \
        bundle exec rake db:encryption:init \
        > "$ARE_OUTPUT"
    # The original used "$grep", an unset variable, where plain grep was meant.
    # Each value is stored as an abra secret and also echoed so the operator can record it.
    ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$(grep ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY "$ARE_OUTPUT" | cut -d'=' -f2)
    abra app secret insert "$APP_NAME" are_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
    echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY = $ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
    echo ""
    ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(grep ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT "$ARE_OUTPUT" | cut -d'=' -f2)
    abra app secret insert "$APP_NAME" are_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
    echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT = $ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
    echo ""
    ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$(grep ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY "$ARE_OUTPUT" | cut -d'=' -f2)
    abra app secret insert "$APP_NAME" are_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
    echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY = $ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
    echo ""
    rm -f "$ARE_OUTPUT"
}
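As an added example (not code from this PR or the coop-cloud mastodon recipe): the `abra.sh` above pipes `grep` into `cut`, so a line missing from the rake task's output silently becomes an empty secret. This POSIX sh parser extracts the three `KEY=value` lines and refuses to go on when a key is absent or is not a 32-character alphanumeric string (the length Rails' own `db:encryption:init` generates; assumed here to hold for Mastodon's task as well). The function names `are_value`/`are_check` and the sample values are constructed for this example.

```shell
# Names of the three Active Record encryption secrets the rake task prints.
ARE_KEYS="ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY \
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT \
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"

# are_value NAME OUTPUT: print NAME's value from OUTPUT; return 1 if the line is
# absent, the value is empty, or it is not 32 alphanumeric characters (assumed
# format of SecureRandom.alphanumeric(32), which Rails' task uses).
are_value() {
    name="$1"; output="$2"
    # exact match on "NAME=" at the start of a line, keep only the value
    value=$(printf '%s\n' "$output" | sed -n "s/^${name}=//p" | head -n 1)
    case "$value" in
        ""|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#value}" -eq 32 ] || return 1
    printf '%s\n' "$value"
}

# are_check OUTPUT: return 0 only if all three keys are present and well formed,
# printing one status line per key so a partial failure is visible, not silent.
are_check() {
    output="$1"; rc=0
    for name in $ARE_KEYS; do
        if are_value "$name" "$output" > /dev/null; then
            printf '%s ok\n' "$name"
        else
            printf '%s missing or malformed\n' "$name" >&2; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample output: the shape of the task's lines, values made up.
GOOD_OUTPUT='ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=Ab12Cd34Ef56Gh78Ij90Kl12Mn34Op56
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=Qr78St90Uv12Wx34Yz56Ab78Cd90Ef12
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=Gh34Ij56Kl78Mn90Op12Qr34St56Uv78'
# Same output with the primary key line absent, e.g. the container stopped part way.
BAD_OUTPUT='ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=Ab12Cd34Ef56Gh78Ij90Kl12Mn34Op56
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=Qr78St90Uv12Wx34Yz56Ab78Cd90Ef12'

are_check "$GOOD_OUTPUT"
are_check "$BAD_OUTPUT" || echo "refusing to insert an incomplete set of secrets" >&2
```

A caller would run `are_check` on the captured file before any `abra app secret insert`, and only then read each value with `are_value`.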
decentral1se reviewed 2025-04-19 07:18:24 +00:00
decentral1se left a comment
Owner

LGTM!

Are we sure that everyone has to run this generation command?
Author
Contributor

> LGTM!
>
> Are we sure that everyone has to run this generation command?

No idea! Seems it was added to support a recent release of Mastodon. I guess everyone installing Mastodon in a version after this has to run it.
Owner

@benjaminlyng it seems not actually?

https://git.coopcloud.tech/coop-cloud/mastodon/commit/95f295ed5c9174309678b6e3b8c008904b44f4fb

So, only when you add in `compose.oidc.yml`, do you need to run this command?

Maybe @ammaratef45 @3wordchant might know.
Owner

> I guess everyone installing Mastodon in a version after this has to run it.

That is correct as far as I understand - https://docs.joinmastodon.org/admin/config/#db-encryption-support
ammaratef45 approved these changes 2025-04-20 01:17:31 +00:00
decentral1se merged commit bc57af62d4 into main 2025-04-20 05:44:00 +00:00