nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit 54c8c556e7c431a108e55d488c2b1debb798ef95
parent d8d8699ccb8704945f894cc94194eaf59d0dc777
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Thu, 24 Oct 2024 23:19:49 +0200

feat(mastodon): add record encryption

Diffstat:
Mhcl/default/mastodon/templates/env.production.tmpl | 11+++++++++++
1 file changed, 11 insertions(+), 0 deletions(-)

diff --git a/hcl/default/mastodon/templates/env.production.tmpl b/hcl/default/mastodon/templates/env.production.tmpl
@@ -48,3 +48,14 @@ SMTP_FROM_ADDRESS=no-reply@m.in0rdr.ch
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
+
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do not change these secrets once in use, as this would cause data loss and other issues
+# ------------------
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{with secret "kv/mastodon"}}{{index .Data.data.ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}}{{end}}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{with secret "kv/mastodon"}}{{index .Data.data.ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}}{{end}}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{with secret "kv/mastodon"}}{{index .Data.data.ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}}{{end}}
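Review bot: The three `ACTIVE_RECORD_ENCRYPTION_*` lines print whatever the lookup returns, and as far as I know the template engine's default is to render a field that is missing from `kv/mastodon` as the literal `<no value>` instead of failing. Mastodon would then start with that predictable string as key material, and the comment block above says these values cannot be changed later without data loss. The job's `template` block is not part of this diff; if it does not already do so, set `error_on_missing_key = true` there so a missing or misspelled field stops the deployment. As a smaller style point, `index` with a single argument returns its argument unchanged, so `{{.Data.data.ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}}` is equivalent, and the three lookups could share one `{{with secret "kv/mastodon"}}` block.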