From 07f305fe820171f023f16e7c77bc06ff06e775f7 Mon Sep 17 00:00:00 2001
From: Matt Jankowski <matt@jankowski.online>
Date: Wed, 17 Apr 2024 05:35:17 -0400
Subject: [PATCH] Add doc for AR encryption env vars (#1427)

---
 content/en/admin/config.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/content/en/admin/config.md b/content/en/admin/config.md
index cf53b5ab..a4244056 100644
--- a/content/en/admin/config.md
+++ b/content/en/admin/config.md
@@ -868,6 +868,19 @@ This setting has no relation to which users are considered active for the purpos
 
 This variable only has any effect when running `rake db:migrate` and it is extremely specific to the Mastodon upgrade process. There are two types of database migrations, those that run before new code is deployed and running, and those that run after. By default, both types of migrations are executed. If you shut down all Mastodon processes before running migrations, then there is no difference. The variable makes sense for zero-downtime upgrades. You will see in the upgrade instructions of a specific Mastodon version if you need to use it or not.
 
+### DB Encryption support
+
+These three environment variables must be set to enable the Active Record
+Encryption feature within Rails that Mastodon uses to encrypt and decrypt some
+database attributes.
+
+- `ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY`
+- `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY`
+- `ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT`
+
+**Version history:**\
+4.3.0 - added
+
 ### Uncategorized or unsorted
 
 #### `BUNDLE_GEMFILE`