Store Let's Encrypt private key in settings

Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package

* Revert "Generate Let's Encrypt private key"
  This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976.

* Add Let's Encrypt private key to settings
  as encrypted attribute

* Generate Let's Encrypt private key
  in database migration

1 files changed, 20 insertions, 0 deletions

diff --git a/spec/migrations/generate_lets_encrypt_private_key_spec.rb b/spec/migrations/generate_lets_encrypt_private_key_spec.rb
new file mode 100644
index 00000000000..f47cc0c36ef
--- /dev/null
+++ b/spec/migrations/generate_lets_encrypt_private_key_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+require Rails.root.join('db', 'migrate', '20190524062810_generate_lets_encrypt_private_key.rb')
+
+describe GenerateLetsEncryptPrivateKey, :migration do
+  describe '#up' do
+    let(:applications_settings) { table(:applications_settings) }
+
+    it 'generates RSA private key and saves it in application settings' do
+      application_setting = described_class::ApplicationSetting.create!
+
+      described_class.new.up
+      application_setting.reload
+
+      expect(application_setting.lets_encrypt_private_key).to be_present
+      expect do
+        OpenSSL::PKey::RSA.new(application_setting.lets_encrypt_private_key)
+      end.not_to raise_error
+    end
+  end
+end