Generate CR encryption key during package installation
|Triaged:||Fixed in Releases:|
|Bugzilla link:||Found in Releases:|
In #2424, compute resource passwords gained the ability to be encrypted. This requires that a key is generated and existing passwords are encrypted via the new rake tasks.
rake security:generate_encryption_key # Generate new encryption key
rake db:compute_resources:decrypt # Decrypt compute resource fields
rake db:compute_resources:encrypt # Encrypt compute resource fields
The generate task creates a key at
~foreman/config/initializers/encryption_key.rb but I suggest for the purposes of packaging, we move this to /etc/foreman after it's created and symlink it back into place. Ensure permissions are tight.
#9 Updated by Dominic Cleal over 4 years ago
RPMs to follow.