commit 54c8c556e7c431a108e55d488c2b1debb798ef95 parent d8d8699ccb8704945f894cc94194eaf59d0dc777 Author: Andreas Gruhler <andreas.gruhler@adfinis.com> Date: Thu, 24 Oct 2024 23:19:49 +0200 feat(mastodon): add record encryption Diffstat:
M | hcl/default/mastodon/templates/env.production.tmpl | | | 11 | +++++++++++ |
1 file changed, 11 insertions(+), 0 deletions(-)
diff --git a/hcl/default/mastodon/templates/env.production.tmpl b/hcl/default/mastodon/templates/env.production.tmpl
@@ -48,3 +48,14 @@ SMTP_FROM_ADDRESS=no-reply@m.in0rdr.ch
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
+
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do not change these secrets once in use, as this would cause data loss and other issues
+# ------------------
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{with secret "kv/mastodon"}}{{index .Data.data.ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}}{{end}}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{with secret "kv/mastodon"}}{{index .Data.data.ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}}{{end}}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{with secret "kv/mastodon"}}{{index .Data.data.ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}}{{end}}
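Review bot: The comment block added above the three `ACTIVE_RECORD_ENCRYPTION_*` lines still describes generating values with `bin/rails db:encryption:init`, but it never says that this template reads them from Vault at `kv/mastodon`. Since the block itself warns that changing the values causes data loss, I would add a line such as `# Values are read from Vault (kv/mastodon); restrict writes to that path and include it in backups`. It is also worth confirming what is rendered when one of the three fields is absent from the secret, so the service cannot start with an empty or placeholder key. The single-argument `index` call may or may not fail in that case, and the template stanza that renders this file is outside the diff.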