Store Let's Encrypt private key in settings

Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package

* Revert "Generate Let's Encrypt private key"
  This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976.

* Add Let's Encrypt private key to settings
  as encrypted attribute

* Generate Let's Encrypt private key
  in database migration

1 files changed, 1 insertions, 6 deletions

diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb
index e24b5cbd510..9225a99a584 100644
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -39,8 +39,7 @@ def create_tokens
     secret_key_base: file_secret_key || generate_new_secure_token,
     otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
     db_key_base: generate_new_secure_token,
-    openid_connect_signing_key: generate_new_rsa_private_key,
-    lets_encrypt_private_key: generate_lets_encrypt_private_key
+    openid_connect_signing_key: generate_new_rsa_private_key
   }
 
   missing_secrets = set_missing_keys(defaults)
@@ -61,10 +60,6 @@ def generate_new_rsa_private_key
   OpenSSL::PKey::RSA.new(2048).to_pem
 end
 
-def generate_lets_encrypt_private_key
-  OpenSSL::PKey::RSA.new(4096).to_pem
-end
-
 def warn_missing_secret(secret)
   warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
 end