mirror of https://github.com/mastodon/mastodon
Encrypted key values in env files
This commit is contained in:
parent
50d0dc9138
commit
700e9040b2
|
@ -87,10 +87,14 @@ Rails.application.configure do
|
|||
# Otherwise, use letter_opener, which launches a browser window to view sent mail.
|
||||
config.action_mailer.delivery_method = ENV['HEROKU'] || ENV['VAGRANT'] || ENV['REMOTE_DEV'] ? :letter_opener_web : :letter_opener
|
||||
|
||||
# We provide a default secret for the development environment here.
|
||||
# This value should not be used in production environments!
|
||||
# TODO: Remove once devise-two-factor data migration complete
|
||||
config.x.otp_secret = ENV.fetch('OTP_SECRET', '1fc2b87989afa6351912abeebe31ffc5c476ead9bf8b3d74cbc4a302c7b69a45b40b1bbef3506ddad73e942e15ed5ca4b402bf9a66423626051104f4b5f05109')
|
||||
|
||||
# Hard code default values for development env, must change in production
|
||||
config.active_record.encryption.primary_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY', 'PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr')
|
||||
config.active_record.encryption.deterministic_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY', 'fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR')
|
||||
config.active_record.encryption.key_derivation_salt = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT', 'r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E')
|
||||
|
||||
# Raise error when a before_action's only/except options reference missing actions
|
||||
config.action_controller.raise_on_missing_callback_actions = true
|
||||
end
|
||||
|
|
|
@ -157,8 +157,14 @@ Rails.application.configure do
|
|||
'Referrer-Policy' => 'same-origin',
|
||||
}
|
||||
|
||||
# TODO: Remove once devise-two-factor data migration complete
|
||||
config.x.otp_secret = ENV.fetch('OTP_SECRET')
|
||||
|
||||
# Supports ActiveRecord encryption used by devise-two-factor
|
||||
config.active_record.encryption.primary_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY')
|
||||
config.active_record.encryption.deterministic_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY')
|
||||
config.active_record.encryption.key_derivation_salt = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT')
|
||||
|
||||
# Enable DNS rebinding protection and other `Host` header attacks.
|
||||
# config.hosts = [
|
||||
# "example.com", # Allow requests from example.com
|
||||
|
|
|
@ -44,8 +44,14 @@ Rails.application.configure do
|
|||
# Print deprecation notices to the stderr.
|
||||
config.active_support.deprecation = :stderr
|
||||
|
||||
# TODO: Remove once devise-two-factor data migration complete
|
||||
config.x.otp_secret = '100c7faeef00caa29242f6b04156742bf76065771fd4117990c4282b8748ff3d99f8fdae97c982ab5bd2e6756a159121377cce4421f4a8ecd2d67bd7749a3fb4'
|
||||
|
||||
# Hard coded default values for test env, must change in production
|
||||
config.active_record.encryption.primary_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY', 'PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr')
|
||||
config.active_record.encryption.deterministic_key = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY', 'fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR')
|
||||
config.active_record.encryption.key_derivation_salt = ENV.fetch('ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT', 'r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E')
|
||||
|
||||
# Generate random VAPID keys
|
||||
vapid_key = Webpush.generate_key
|
||||
config.x.vapid_private_key = vapid_key.private_key
|
||||
|
|
Loading…
Reference in New Issue