Generate CR encryption key during package installation
|Assigned To:||Dominic Cleal|
|Target version:||Sprint 22|
|Found in release:||Pull request:|
|Velocity based estimate||-|
In #2424, compute resource passwords gained the ability to be encrypted. This requires that a key is generated and existing passwords are encrypted via the new rake tasks.
rake security:generate_encryption_key # Generate new encryption key
rake db:compute_resources:decrypt # Decrypt compute resource fields
rake db:compute_resources:encrypt # Encrypt compute resource fields
The generate task creates a key at
~foreman/config/initializers/encryption_key.rb but I suggest for the purposes of packaging, we move this to /etc/foreman after it's created and symlink it back into place. Ensure permissions are tight.
#9 Updated by Dominic Cleal almost 4 years ago
RPMs to follow.