From 5b3b0c8885e550df08cd49bfd46f54b4e8e26839 Mon Sep 17 00:00:00 2001
From: Vincent Pochet
Date: Tue, 14 Jun 2022 12:25:14 +0200
Subject: [PATCH] misc: Update config for active record encryption (#45)
---
 .gitignore | 1 +
 docker-compose.dev.yml | 9 +++++++++
 docker-compose.yml | 9 +++++++++
 3 files changed, 19 insertions(+)
diff --git a/.gitignore b/.gitignore
index fdfc0ec..7a0a6da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /traefik/certs/*
 *.code-workspace
+.env
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index a2af671..7002317 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -89,6 +89,9 @@ services:
 - REDIS_URL=redis://redis:6379
 - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
 - LAGO_FRONT_URL=${FRONT_URL:-https://app.lago.dev}
+ - ENCRYPTION_PRIMARY_KEY=${ENCRYPTION_PRIMARY_KEY:-your-encrpytion-primary-key}
+ - ENCRYPTION_DETERMINISTIC_KEY=${ENCRYPTION_DETERMINISTIC_KEY:-your-encrpytion-deterministic-key}
+ - ENCRYPTION_KEY_DERIVATION_SALT={ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.api_http.rule=Host(`api.lago.dev`)"
@@ -116,6 +119,9 @@ services:
 - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@db:5432/${POSTGRES_DB:-lago}
 - REDIS_URL=redis://redis:6379
 - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+ - ENCRYPTION_PRIMARY_KEY=${ENCRYPTION_PRIMARY_KEY:-your-encrpytion-primary-key}
+ - ENCRYPTION_DETERMINISTIC_KEY=${ENCRYPTION_DETERMINISTIC_KEY:-your-encrpytion-deterministic-key}
+ - ENCRYPTION_KEY_DERIVATION_SALT={ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}
 api-clock:
 image: api
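Review bot: The `ENCRYPTION_KEY_DERIVATION_SALT` line added in the `@@ -89,6 +89,9 @@` hunk has no `$` before `{`, so Compose does not interpolate it and the container receives the literal text `{ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}` as its salt, whatever is set in `.env`. Every install therefore shares one publicly known salt, and an operator who sets the variable gets neither an effect nor an error. It should read `- ENCRYPTION_KEY_DERIVATION_SALT=${ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}`; the same line recurs in the `@@ -116,6 +119,9 @@` and `@@ -132,3 +138,6 @@` hunks and, reading `LAGO_ENCRYPTION_KEY_DERIVATION_SALT`, in all three hunks of docker-compose.yml. Correcting it changes the effective salt, so anything already encrypted under the literal value would presumably stop decrypting; that is worth checking before the fix ships. The service definitions begin and end outside these hunks.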
@@ -132,3 +138,6 @@ services:
 - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@db:5432/${POSTGRES_DB:-lago}
 - REDIS_URL=redis://redis:6379
 - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64}
+ - ENCRYPTION_PRIMARY_KEY=${ENCRYPTION_PRIMARY_KEY:-your-encrpytion-primary-key}
+ - ENCRYPTION_DETERMINISTIC_KEY=${ENCRYPTION_DETERMINISTIC_KEY:-your-encrpytion-deterministic-key}
+ - ENCRYPTION_KEY_DERIVATION_SALT={ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}
diff --git a/docker-compose.yml b/docker-compose.yml
index be2fef3..bef045c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -45,6 +45,9 @@ services:
 - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost}
 - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
 - LAGO_SIDEKIQ_WEB=${LAGO_SIDEKIQ_WEB}
+ - ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encrpytion-primary-key}
+ - ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encrpytion-deterministic-key}
+ - ENCRYPTION_KEY_DERIVATION_SALT={LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}
 ports:
 - ${API_PORT:-3000}:3000
@@ -76,6 +79,9 @@ services:
 - RAILS_ENV=production
 - SENTRY_DSN=${SENTRY_DSN}
 - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+ - ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encrpytion-primary-key}
+ - ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encrpytion-deterministic-key}
+ - ENCRYPTION_KEY_DERIVATION_SALT={LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}
 api-clock:
 container_name: lago-clock
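Review bot: In docker-compose.yml the lines added at `@@ -45,6 +45,9 @@` fall back to `your-encrpytion-primary-key` and `your-encrpytion-deterministic-key` when `LAGO_ENCRYPTION_PRIMARY_KEY` and `LAGO_ENCRYPTION_DETERMINISTIC_KEY` are unset, so a stack started without them comes up silently on key material published in this repository; the `@@ -76,6 +79,9 @@` and `@@ -92,3 +98,6 @@` hunks do the same next to `RAILS_ENV=production`. Compose's required-variable form would make the deployment fail instead: `- ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:?required}`, and likewise for the deterministic key and the salt. If a default has to stay for local use, keep it in docker-compose.dev.yml only and add a comment such as `# placeholder only; generate real values with bin/rails db:encryption:init`. The service definitions start outside the hunks.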
@@ -92,3 +98,6 @@ services:
 - RAILS_ENV=production
 - SENTRY_DSN=${SENTRY_DSN}
 - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
+ - ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encrpytion-primary-key}
+ - ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encrpytion-deterministic-key}
+ - ENCRYPTION_KEY_DERIVATION_SALT={LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encrpytion-derivation-salt}