diff options
-rw-r--r-- | config/initializers/01_secret_token.rb | 7 | ||||
-rw-r--r-- | spec/initializers/secret_token_spec.rb | 11 |
2 files changed, 17 insertions, 1 deletions
diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb index 02bded43083..4328ca509ba 100644 --- a/config/initializers/01_secret_token.rb +++ b/config/initializers/01_secret_token.rb @@ -28,7 +28,8 @@ def create_tokens secret_key_base: file_secret_key || generate_new_secure_token, otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token, db_key_base: generate_new_secure_token, - openid_connect_signing_key: generate_new_rsa_private_key + openid_connect_signing_key: generate_new_rsa_private_key, + lets_encrypt_private_key: generate_lets_encrypt_private_key } missing_secrets = set_missing_keys(defaults) @@ -49,6 +50,10 @@ def generate_new_rsa_private_key OpenSSL::PKey::RSA.new(2048).to_pem end +def generate_lets_encrypt_private_key + OpenSSL::PKey::RSA.new(4096).to_pem +end + def warn_missing_secret(secret) warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml." end diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb index 726ce07a2d1..77bc28a6b07 100644 --- a/spec/initializers/secret_token_spec.rb +++ b/spec/initializers/secret_token_spec.rb @@ -45,11 +45,21 @@ describe 'create_tokens' do expect(keys).to all(match(RSA_KEY)) end + it "generates private key for Let's Encrypt" do + create_tokens + + keys = secrets.values_at(:lets_encrypt_private_key) + + expect(keys.uniq).to eq(keys) + expect(keys).to all(match(RSA_KEY)) + end + it 'warns about the secrets to add to secrets.yml' do expect(self).to receive(:warn_missing_secret).with('secret_key_base') expect(self).to receive(:warn_missing_secret).with('otp_key_base') expect(self).to receive(:warn_missing_secret).with('db_key_base') expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key') + expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key') create_tokens end @@ -78,6 +88,7 @@ describe 'create_tokens' do before do secrets.db_key_base = 'db_key_base' secrets.openid_connect_signing_key = 'openid_connect_signing_key' + secrets.lets_encrypt_private_key = 'lets_encrypt_private_key' allow(File).to receive(:exist?).with('.secret').and_return(true) allow(File).to receive(:read).with('.secret').and_return('file_key') |