QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-07 06:21:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Support encryption keys via environment variables in managed mode (#762)

Browse Source 
The encryption initializer previously only supported environment variables
in self-hosted mode. In managed mode, it expected encryption credentials
to exist in Rails.application.credentials, which would cause boot failures
if they were missing.

This change updates the encryption configuration to support environment
variables in both managed and self-hosted modes:

- Environment variables (ACTIVE_RECORD_ENCRYPTION_*) now work in both modes
- Priority: env vars > auto-generation (self-hosted only) > credentials
- Updated documentation in .env.example and Helm chart README

This allows managed mode deployments to provide encryption keys via
environment variables instead of requiring Rails credentials.

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Juan José Mata
2026-01-24 12:07:00 +01:00
committed by GitHub
parent d98711d4ea
commit 7d2d012e3c
3 changed files with 30 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.example
View File

@@ -103,7 +103,8 @@ POSTHOG_HOST=
# Active Record Encryption Keys (Optional)
# These keys are used to encrypt sensitive data like API keys in the database.
# If not provided, they will be automatically generated based on your SECRET_KEY_BASE.
# For managed mode: Set these environment variables to provide encryption keys.
# For self-hosted mode: If not provided, they will be automatically generated based on your SECRET_KEY_BASE.
# You can generate your own keys by running: rails db:encryption:init
# ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
# ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=