Skip to content

Commit

Permalink
Set secret key file mode during fresh installation
Browse files Browse the repository at this point in the history
  • Loading branch information
@felixsch
felixsch committed Jan 4, 2024
1 parent 40dd490 commit 215adf8
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions lib/tasks/encrypted_key.rake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,17 @@ namespace :rmt do

Rails::Generators::EncryptionKeyFileGenerator
.new.add_key_file('config/secrets.yml.key')

FileUtils.chmod(0o640, 'config/secrets.yml.key')
end

desc 'Create the `secret_key_base` for Rails'
task create_secret_key_base: :environment do
Rails::Secrets.write(
{ 'production' => { 'secret_key_base' => SecureRandom.hex(64) } }.to_yaml
)

FileUtils.chmod(0o640, 'config/secrets.yml.enc')
end
end
end
2 changes: 1 addition & 1 deletion package/files/update_rmt_app_dir_permissions.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ fi
# Change secrets encrypted and key files to nginx readable
secret_key_files=('config/secrets.yml.key' 'config/secrets.yml.enc')

for secretFile in $secret_key_files; do
for secretFile in ${secret_key_files[@]}; do
file_path="$app_dir/$secretFile"
if [[ -e $file_path ]]; then
if [[ "$(stat -c "%U %G" $file_path)" == "root root" ]]; then
Expand Down

0 comments on commit 215adf8

Please sign in to comment.