diff options
author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-05-28 04:47:34 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-05-28 04:47:34 +0000 |
commit | 4687ff7c9be789341e82a6440234fce43f30b5be (patch) | |
tree | 59b72fafa974c92af04590e7fc3b64c6536aef70 /spec/initializers | |
parent | af43970834b911242eecf9b7c815faf0f6b50048 (diff) | |
download | gitlab-ce-4687ff7c9be789341e82a6440234fce43f30b5be.tar.gz |
Store Let's Encrypt private key in settings
Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package
* Revert "Generate Let's Encrypt private key"
This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976.
* Add Let's Encrypt private key to settings
as encrypted attribute
* Generate Let's Encrypt private key
in database migration
Diffstat (limited to 'spec/initializers')
-rw-r--r-- | spec/initializers/secret_token_spec.rb | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb index 77bc28a6b07..726ce07a2d1 100644 --- a/spec/initializers/secret_token_spec.rb +++ b/spec/initializers/secret_token_spec.rb @@ -45,21 +45,11 @@ describe 'create_tokens' do expect(keys).to all(match(RSA_KEY)) end - it "generates private key for Let's Encrypt" do - create_tokens - - keys = secrets.values_at(:lets_encrypt_private_key) - - expect(keys.uniq).to eq(keys) - expect(keys).to all(match(RSA_KEY)) - end - it 'warns about the secrets to add to secrets.yml' do expect(self).to receive(:warn_missing_secret).with('secret_key_base') expect(self).to receive(:warn_missing_secret).with('otp_key_base') expect(self).to receive(:warn_missing_secret).with('db_key_base') expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key') - expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key') create_tokens end @@ -88,7 +78,6 @@ describe 'create_tokens' do before do secrets.db_key_base = 'db_key_base' secrets.openid_connect_signing_key = 'openid_connect_signing_key' - secrets.lets_encrypt_private_key = 'lets_encrypt_private_key' allow(File).to receive(:exist?).with('.secret').and_return(true) allow(File).to receive(:read).with('.secret').and_return('file_key') |