diff --git a/config/initializers/active_record_encryption.rb b/config/initializers/active_record_encryption.rb index f99585b4a..7cda8c621 100644 --- a/config/initializers/active_record_encryption.rb +++ b/config/initializers/active_record_encryption.rb @@ -6,9 +6,9 @@ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY ).each do |key| ENV.fetch(key) do - raise <<~MESSAGE + abort <<~MESSAGE - The ActiveRecord encryption feature requires that these variables are set: + Mastodon now requires that these variables are set: - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT diff --git a/lib/tasks/db.rake b/lib/tasks/db.rake index 4208c2ae4..07de08776 100644 --- a/lib/tasks/db.rake +++ b/lib/tasks/db.rake @@ -1,6 +1,22 @@ # frozen_string_literal: true +# We are providing our own task with our own format +Rake::Task['db:encryption:init'].clear + namespace :db do + namespace :encryption do + desc 'Generate a set of keys for configuring Active Record encryption in a given environment' + task init: :environment do + puts <<~MSG + Add these environment variables to your Mastodon environment:#{' '} + + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=#{SecureRandom.alphanumeric(32)} + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=#{SecureRandom.alphanumeric(32)} + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=#{SecureRandom.alphanumeric(32)} + MSG + end + end + namespace :migrate do desc 'Setup the db or migrate depending on state of db' task setup: :environment do