author | Sean McGivern <sean@gitlab.com> | 2016-07-17 11:01:38 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2016-08-03 15:48:47 +0100 |
commit | 379c2cbcbd1544a1f80135c491937dabb04821df (patch) | |
tree | 5556613ff3f3ed598dc893e44399c816073eeca5 /config/initializers | |
parent | 405379bbfcb7821b3dae77e5254362f2d696bb7d (diff) | |
Store all secret keys in secrets.yml
Move the last secret from .secret to config/secrets.yml, and delete
.secret if it exists.
Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/secret_token.rb | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 40c93c32dca..ac99dcb59fc 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -14,36 +14,22 @@ def create_tokens
 secret_file = Rails.root.join('.secret')
 file_key = File.read(secret_file).chomp if File.exist?(secret_file)
 env_key = ENV['SECRET_KEY_BASE']
- secret_key_base = env_key.present? ? env_key : file_key
-
- if secret_key_base.blank?
- secret_key_base = generate_new_secure_token
- File.write(secret_file, secret_key_base)
- end
-
- Rails.application.config.secret_key_base = secret_key_base
-
- otp_key_base = Rails.application.secrets.otp_key_base
- db_key_base = Rails.application.secrets.db_key_base
 yaml_additions = {}
- if otp_key_base.blank?
- warn_missing_secret('otp_key_base')
-
- otp_key_base ||= env_key || file_key || generate_new_secure_token
- yaml_additions['otp_key_base'] = otp_key_base
- end
-
- Rails.application.secrets.otp_key_base = otp_key_base
+ defaults = {
+ secret_key_base: env_key || file_key || generate_new_secure_token,
+ otp_key_base: env_key || file_key || generate_new_secure_token,
+ db_key_base: generate_new_secure_token
+ }
- if db_key_base.blank?
- warn_missing_secret('db_key_base')
+ defaults.stringify_keys.each do |key, default|
+ if Rails.application.secrets[key].blank?
+ warn_missing_secret(key)
- yaml_additions['db_key_base'] = db_key_base = generate_new_secure_token
+ yaml_additions[key] = Rails.application.secrets[key] = default
+ end
 end
- Rails.application.secrets.db_key_base = db_key_base
-
 unless yaml_additions.empty?
 secrets_yml = Rails.root.join('config/secrets.yml')
 all_secrets = YAML.load_file(secrets_yml) if File.exist?(secrets_yml)
@@ -54,6 +40,12 @@ def create_tokens
 File.write(secrets_yml, YAML.dump(all_secrets), mode: 'w', perm: 0600)
 end
+
+ begin
+ File.delete(secret_file) if file_key
+ rescue => e
+ warn "Error deleting useless .secret file: #{e}"
+ end
 end
 create_tokens |
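Review bot: In the new `defaults` hash, `env_key || file_key || generate_new_secure_token` accepts an empty string as a key, because `""` is truthy in Ruby; the removed code selected with `env_key.present?` and regenerated on `secret_key_base.blank?`. If `SECRET_KEY_BASE` is set but empty, or `.secret` is an empty file (so `File.read(secret_file).chomp` returns `""`), the loop would assign a blank `secret_key_base` and `otp_key_base` and add them to `yaml_additions`. Writing both entries as `env_key.presence || file_key.presence || generate_new_secure_token` keeps the earlier behaviour. The hash also calls `generate_new_secure_token` for every entry even when the secret is already set, which is harmless but could be deferred into the loop. `create_tokens` starts above this hunk.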
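Review bot: When `File.delete(secret_file)` fails in the added `begin` block, the rescue only warns about a "useless" file, yet that file may still hold a copy of the value now used for `secret_key_base` and `otp_key_base`. The message should name the path and say a key copy remains so the operator removes it by hand, e.g. `warn "Could not delete #{secret_file}; it may still contain a copy of secret_key_base, remove it manually: #{e}"`. Rescuing `SystemCallError => e` instead of the bare `rescue => e` would keep unrelated errors from being reduced to a warning. The block sits at the end of `create_tokens`, whose beginning is outside this hunk.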