
Commit f5f6f67

authored
AO3-7427 Use config file for activerecord encryption config (#5801)
1 parent 6c32fe2 commit f5f6f67

4 files changed

Lines changed: 8 additions & 13 deletions


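--- a/.github/workflows/automated-tests.yml
+++ b/.github/workflows/automated-tests.yml
@@ -22,9 +22,6 @@ jobs:
 env:
 CI: true
 RAILS_ENV: test
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: bEZjYLY9tCYGh6WlcMtEJpIi7GO2plZC
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: PpLWizzsQHIWnIihtECw8nDHZQd0amzf
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 3S99KdpdEWLnCYudBgUfdCFDBWePWCud
 TEST_GROUP: ${{ matrix.tests.command }} ${{ matrix.tests.arguments }}
 CUCUMBER_RETRY: 1
 CUCUMBER_FORMAT: Ao3Cucumber::Formatter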

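--- a/config/application.rb
+++ b/config/application.rb
@@ -90,10 +90,9 @@ class Application < Rails::Application
 BCrypt::Password
 ]
 
-# Set admin two-factor authentication keys
-config.active_record.encryption.primary_key = ENV["ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"]
-config.active_record.encryption.deterministic_key = ENV["ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"]
-config.active_record.encryption.key_derivation_salt = ENV["ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"]
+config.active_record.encryption.primary_key = ArchiveConfig.ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
+config.active_record.encryption.deterministic_key = ArchiveConfig.ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
+config.active_record.encryption.key_derivation_salt = ArchiveConfig.ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
 
 # handle errors with custom error pages:
 config.exceptions_app = self.routes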
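Review bot: The three `config.active_record.encryption.*` assignments now read from ArchiveConfig, and config/config.yml in this same commit ships working placeholder values for them, so a production deployment that misses the override would boot normally and encrypt with keys that are public in the repository. With the old ENV lookup an unset variable yielded nil, which presumably surfaced as an error the first time encryption was used. Consider failing at boot in production when any of the three values still equals its committed placeholder. It would also help to keep a one-line comment above the assignments, such as `# Active Record encryption keys (admin two-factor authentication); defaults in config/config.yml are public placeholders`, because the removed comment was the only hint of what these keys protect. The Application class body starts and ends outside this hunk.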

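--- a/config/config.yml
+++ b/config/config.yml
@@ -805,3 +805,8 @@ PSEUD_SHARDS: 5
 TAG_SHARDS: 5
 USER_SHARDS: 5
 WORKS_SHARDS: 5
+
+# Placeholder values for active record encryption. THESE MUST BE OVERRIDDEN FOR PRODUCTION DEPLOYMENTS!
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: bEZjYLY9tCYGh6WlcMtEJpIi7GO2plZC
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: PpLWizzsQHIWnIihtECw8nDHZQd0amzf
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 3S99KdpdEWLnCYudBgUfdCFDBWePWCud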
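Review bot: The comment above the new keys says they must be overridden, but not where, nor what depends on them. These exact strings were already present in the CI workflow and docker-compose.yml, so the comment should describe them as public, test-only values. Something like `# Public test-only values for Active Record encryption (admin two-factor authentication). Override all three in the deployment's local config; never use these for real data.` would make that explicit. The override mechanism is not visible in this diff, so name the actual file the project uses.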

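--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -78,9 +78,6 @@ services:
 CODESPACES: ${CODESPACES:-}
 CODESPACE_NAME: ${CODESPACE_NAME:-}
 GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN: ${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN:-}
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: bEZjYLY9tCYGh6WlcMtEJpIi7GO2plZC
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: PpLWizzsQHIWnIihtECw8nDHZQd0amzf
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 3S99KdpdEWLnCYudBgUfdCFDBWePWCud
 command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'"
 volumes:
 - .:/otwa
@@ -124,9 +121,6 @@ services:
 dockerfile: ./config/docker/Dockerfile
 environment:
 - RAILS_ENV=test
-- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=bEZjYLY9tCYGh6WlcMtEJpIi7GO2plZC
-- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=PpLWizzsQHIWnIihtECw8nDHZQd0amzf
-- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=3S99KdpdEWLnCYudBgUfdCFDBWePWCud
 - CHROME_URL=http://chrome:4444
 - DOCKER=true
 - CAPYBARA_PORT=5100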
