
Wrong encryption key in generated docker image

Open gavinying opened this issue 9 months ago • 2 comments

Issue Description

The current Dockerfile cannot import user-defined encryption keys.

Steps to Reproduce

  1. Generate the following encryption keys and add them to the .env file.
    • NEXT_PRIVATE_ENCRYPTION_KEY
    • NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY
  2. Run ./docker/buildx.sh

Expected Behavior

The generated image shall use the user-defined keys in the .env file.

Current Behavior

The generated image always uses the hard-coded "CAFEBABE" and "DEADBEEF" as encryption keys.

Screenshots (optional)

Image

Operating System [e.g., Windows 10]

Linux

Browser [e.g., Chrome, Firefox]

No response

Version [e.g., 2.0.1]

1.9.0

Please check the boxes that apply to this issue report.

  • [x] I have searched the existing issues to make sure this is not a duplicate.
  • [x] I have provided steps to reproduce the issue.
  • [x] I have included relevant environment information.
  • [x] I have included any relevant screenshots.
  • [ ] I understand that this is a voluntary contribution and that there is no guarantee of resolution.
  • [x] I want to work on creating a PR for this issue if approved

gavinying avatar Mar 07 '25 07:03 gavinying

Thank you for opening your first issue and for being a part of the open signing revolution!
One of our team members will review it and get back to you as soon as possible 💚
Meanwhile, please feel free to hop into our community in Discord

github-actions[bot] avatar Mar 07 '25 07:03 github-actions[bot]

My proposal is as follows:

  1. Pass in keys via --build-arg in all build scripts,
       --build-arg NEXT_PRIVATE_ENCRYPTION_KEY="$NEXT_PRIVATE_ENCRYPTION_KEY" \
       --build-arg NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="$NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY" \
  2. Add a docker:build script in root package.json (avoid adding a second .env file in /docker folder).
       "docker:build": "npm run with:env -- ./docker/buildx.sh",

Happy to provide a PR if the team thinks it's OK. Thanks for sharing such great work!

gavinying avatar Mar 07 '25 13:03 gavinying
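
A pre-build guard for the two keys named in this issue, shown as an added example that is not part of the thread or of the Documenso code base: it refuses to proceed when the .env file leaves either key unset, at the "CAFEBABE"/"DEADBEEF" placeholders, or too short. The function names and the `MIN_KEY_LEN` threshold are hypothetical, and the file is assumed to use plain `KEY=value` lines.

```shell
#!/bin/sh
# Added example, not Documenso code. Assumes plain KEY=value lines in .env.
MIN_KEY_LEN="${MIN_KEY_LEN:-32}"   # assumed minimum length, adjust to your policy

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 only if key $2 in file $1 is set, is not a placeholder, and is long enough.
check_key() {
  value=$(env_value "$1" "$2")
  if [ -z "$value" ]; then
    echo "$2: missing or empty in $1" >&2
    return 1
  fi
  case $(printf '%s' "$value" | tr '[:lower:]' '[:upper:]') in
    CAFEBABE | DEADBEEF)
      echo "$2: still set to a hard-coded placeholder" >&2
      return 1
      ;;
  esac
  if [ "${#value}" -lt "$MIN_KEY_LEN" ]; then
    echo "$2: shorter than $MIN_KEY_LEN characters" >&2
    return 1
  fi
}

# Check both keys so one run reports every problem; non-zero if any check fails.
check_env_keys() {
  rc=0
  check_key "$1" NEXT_PRIVATE_ENCRYPTION_KEY || rc=1
  check_key "$1" NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY || rc=1
  return "$rc"
}

# Constructed sample reproducing the issue: placeholder primary key, no secondary key.
sample=$(mktemp)
printf 'NEXT_PRIVATE_ENCRYPTION_KEY="CAFEBABE"\n' > "$sample"
check_env_keys "$sample" || echo "refusing to build with $sample" >&2
rm -f "$sample"
```

Docker's documentation warns that values passed with `--build-arg` are visible in `docker history`, so a key supplied that way should be treated as readable by anyone who can pull the image.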

Had this same problem even on the 1.2.0 versions. I haven't updated yet to see on the latest. It was a pain in the butt. I just used the cert content option which is probably where they are going to. (That's a guess)

Dvalin21 avatar Jul 17 '25 05:07 Dvalin21