From 4687ff7c9be789341e82a6440234fce43f30b5be Mon Sep 17 00:00:00 2001 From: Vladimir Shushlin Date: Tue, 28 May 2019 04:47:34 +0000 Subject: Store Let's Encrypt private key in settings Storing this key in secrets.yml was a bad idea, it would require users using HA setups to manually replicate secrets across nodes during update, it also needed support from omnibus package * Revert "Generate Let's Encrypt private key" This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976. * Add Let's Encrypt private key to settings as encrypted attribute * Generate Let's Encrypt private key in database migration
---
config/initializers/01_secret_token.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'config')
diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb
index e24b5cbd510..9225a99a584 100644
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -39,8 +39,7 @@ def create_tokens
 secret_key_base: file_secret_key || generate_new_secure_token,
 otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
 db_key_base: generate_new_secure_token,
- openid_connect_signing_key: generate_new_rsa_private_key,
- lets_encrypt_private_key: generate_lets_encrypt_private_key
+ openid_connect_signing_key: generate_new_rsa_private_key
 }

 missing_secrets = set_missing_keys(defaults)
@@ -61,10 +60,6 @@ def generate_new_rsa_private_key
 OpenSSL::PKey::RSA.new(2048).to_pem
 end

-def generate_lets_encrypt_private_key
- OpenSSL::PKey::RSA.new(4096).to_pem
-end
-
 def warn_missing_secret(secret)
 warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
 end
--
cgit v1.2.1
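Review bot: Dropping `lets_encrypt_private_key` from `defaults` in create_tokens stops new keys being generated, but nothing in this hunk deals with instances that already booted with the reverted commit. Going by the warn_missing_secret message, generated secrets are stored in config/secrets.yml, so a 4096-bit RSA private key presumably stays on disk there, unused and unrotated. Whether the database migration named in the description imports or ignores that value cannot be seen in this view (limited to 'config'). I would add a comment above the hash such as `# lets_encrypt_private_key now lives in application settings (encrypted); an entry left in secrets.yml by an earlier version is unused and should be removed`, and mention the cleanup in the upgrade notes. The `defaults` hash and create_tokens both begin outside the hunk.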