chart icon indicating copy to clipboard operation
chart copied to clipboard
verified publisher icon mastodon

Docs for Active Record Encryption secrets?

Open hardillb opened this issue 1 year ago • 2 comments

I've just pulled the latest version of the chart in order to do the 4.2.10 upgrade (from 4.2.6)

And it is now asking for extra secrets for ACTIVE_RECORD_ENCRYPTION

The docs imply these were added for 4.3.0 (a future release?) So it's unclear if these are really needed for 4.2.10 or if the current version of the helm chart is now only useful with nightly?

As there are not release tagged in this repo (but they are mentioned in the CHANGELOG.md) how to i get a suitable version of the helm chart to do the upgrade or should I just generate some random strings to use as the keys (if so are there any restrictios on length required?)

hardillb avatar Jul 04 '24 16:07 hardillb

Hi, I had the same question, and upon digging into Mastodon's source-code, the generation of these values seems to be as straight-forward as generating a random 32 characters alphanumeric string, see https://github.com/mastodon/mastodon/blob/e15befebbd288faeec55ef6ad323d106f4ec57e1/lib/tasks/db.rake#L9.

lowlevl avatar Oct 13 '24 09:10 lowlevl

As an additional note, we can generate them also just with something like openssl rand 24 | base64

xvilo avatar Feb 14 '25 22:02 xvilo

Ah yeah that's definitely an oversight. There's an easy command you can use to generate the secrets you need:

bundle exec rake db:encryption:init

I'll get the documentation updated, and then close this~

timetinytim avatar Oct 17 '25 13:10 timetinytim