diff options
Diffstat (limited to 'config/initializers/01_secret_token.rb')
-rw-r--r-- | config/initializers/01_secret_token.rb | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb index 02bded43083..e24b5cbd510 100644 --- a/config/initializers/01_secret_token.rb +++ b/config/initializers/01_secret_token.rb @@ -1,3 +1,14 @@ +# WARNING: If you add a new secret to this file, make sure you also +# update Omnibus GitLab or updates will fail. Omnibus is responsible for +# writing the `secrets.yml` file. If Omnibus doesn't know about a +# secret, Rails will attempt to write to the file, but this will fail +# because Rails doesn't have write access. +# +# As an example: +# * https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27581 +# * https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/3267 +# +# # This file needs to be loaded BEFORE any initializers that attempt to # prepend modules that require access to secrets (e.g. EE's 0_as_concern.rb). # @@ -28,7 +39,8 @@ def create_tokens secret_key_base: file_secret_key || generate_new_secure_token, otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token, db_key_base: generate_new_secure_token, - openid_connect_signing_key: generate_new_rsa_private_key + openid_connect_signing_key: generate_new_rsa_private_key, + lets_encrypt_private_key: generate_lets_encrypt_private_key } missing_secrets = set_missing_keys(defaults) @@ -49,6 +61,10 @@ def generate_new_rsa_private_key OpenSSL::PKey::RSA.new(2048).to_pem end +def generate_lets_encrypt_private_key + OpenSSL::PKey::RSA.new(4096).to_pem +end + def warn_missing_secret(secret) warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml." end |