summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config/initializers/01_secret_token.rb7
-rw-r--r--spec/initializers/secret_token_spec.rb11
2 files changed, 17 insertions, 1 deletions
diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb
index 02bded43083..4328ca509ba 100644
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -28,7 +28,8 @@ def create_tokens
secret_key_base: file_secret_key || generate_new_secure_token,
otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
db_key_base: generate_new_secure_token,
- openid_connect_signing_key: generate_new_rsa_private_key
+ openid_connect_signing_key: generate_new_rsa_private_key,
+ lets_encrypt_private_key: generate_lets_encrypt_private_key
}
missing_secrets = set_missing_keys(defaults)
@@ -49,6 +50,10 @@ def generate_new_rsa_private_key
OpenSSL::PKey::RSA.new(2048).to_pem
end
+def generate_lets_encrypt_private_key
+ OpenSSL::PKey::RSA.new(4096).to_pem
+end
+
def warn_missing_secret(secret)
warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
end
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index 726ce07a2d1..77bc28a6b07 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -45,11 +45,21 @@ describe 'create_tokens' do
expect(keys).to all(match(RSA_KEY))
end
+ it "generates private key for Let's Encrypt" do
+ create_tokens
+
+ keys = secrets.values_at(:lets_encrypt_private_key)
+
+ expect(keys.uniq).to eq(keys)
+ expect(keys).to all(match(RSA_KEY))
+ end
+
it 'warns about the secrets to add to secrets.yml' do
expect(self).to receive(:warn_missing_secret).with('secret_key_base')
expect(self).to receive(:warn_missing_secret).with('otp_key_base')
expect(self).to receive(:warn_missing_secret).with('db_key_base')
expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
+ expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key')
create_tokens
end
@@ -78,6 +88,7 @@ describe 'create_tokens' do
before do
secrets.db_key_base = 'db_key_base'
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+ secrets.lets_encrypt_private_key = 'lets_encrypt_private_key'
allow(File).to receive(:exist?).with('.secret').and_return(true)
allow(File).to receive(:read).with('.secret').and_return('file_key')