From 33368e3e79a6edfcaf65fd2b80b636a7c1e56e48 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 3 May 2024 11:26:24 +0200 Subject: [PATCH] Change ActiveRecordEncryption variable to be more explicit (#30151) --- config/initializers/active_record_encryption.rb | 4 ++-- lib/tasks/db.rake | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/config/initializers/active_record_encryption.rb b/config/initializers/active_record_encryption.rb index f99585b4ad..7cda8c621c 100644 --- a/config/initializers/active_record_encryption.rb +++ b/config/initializers/active_record_encryption.rb @@ -6,9 +6,9 @@ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY ).each do |key| ENV.fetch(key) do - raise <<~MESSAGE + abort <<~MESSAGE - The ActiveRecord encryption feature requires that these variables are set: + Mastodon now requires that these variables are set: - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT diff --git a/lib/tasks/db.rake b/lib/tasks/db.rake index 4208c2ae4b..07de087766 100644 --- a/lib/tasks/db.rake +++ b/lib/tasks/db.rake @@ -1,6 +1,22 @@ # frozen_string_literal: true +# We are providing our own task with our own format +Rake::Task['db:encryption:init'].clear + namespace :db do + namespace :encryption do + desc 'Generate a set of keys for configuring Active Record encryption in a given environment' + task init: :environment do + puts <<~MSG + Add these environment variables to your Mastodon environment:#{' '} + + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=#{SecureRandom.alphanumeric(32)} + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=#{SecureRandom.alphanumeric(32)} + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=#{SecureRandom.alphanumeric(32)} + MSG + end + end + namespace :migrate do desc 'Setup the db or migrate depending on state of db' task setup: :environment do