Ruby on Rails Thursday, May 24, 2018

Hello!

I've been in a bit of pain recently around rotating our Secrets/Credentials key.

Assuming that either the config/master.key file is not checked in, or (as in our case) the RAILS_MASTER_KEY env var is used to specify the key, it is difficult to gracefully rotate keys. Our infrastructure for environment management is separate from our deploy infrastructure, so it is not possible for us to change specific environment variables with deploys of specific commits. I imagine this may also be an issue for various methods of getting the config/master.key file in place on production environments.

I'm curious if there is already a story for key rotation that I'm missing, or if that might be something worth implementing (which I would be happy to do).

The obvious solution would be the ability to specify multiple key files or env vars, and simply use whichever one successfully decrypts the credentials.

Cheers!
Micah
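
The multiple-key fallback proposed in the message above, sketched as an added example (not part of the original post and not Rails' own code). It uses plain OpenSSL AES-128-GCM rather than Rails' encrypted-file format, and the variable name `RAILS_MASTER_KEY_PREVIOUS` and all sample values are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

CIPHER = "aes-128-gcm" # same cipher Rails uses for encrypted credentials

# Encrypt with one hex-encoded 16-byte key; keep IV and auth tag with the data.
def encrypt(plaintext, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv
  data = cipher.update(plaintext) + cipher.final
  { iv: iv, tag: cipher.auth_tag, data: data }
end

# Decrypt with one key; raises if the GCM tag does not verify.
def decrypt(blob, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = blob[:iv]
  cipher.auth_tag = blob[:tag]
  cipher.update(blob[:data]) + cipher.final
end

# Try each candidate in order and return [name, plaintext] for the first key
# whose tag check passes. Because GCM is authenticated, a wrong key fails
# loudly instead of yielding garbage, which makes "try each key" safe.
def decrypt_with_any(blob, candidates)
  candidates.each do |name, hex_key|
    next if hex_key.nil? || hex_key.empty?
    begin
      return [name, decrypt(blob, hex_key)]
    rescue OpenSSL::Cipher::CipherError, ArgumentError
      next # wrong key or malformed key length: move on to the next one
    end
  end
  raise "no candidate key decrypts the credentials"
end

# Constructed sample: the file is still encrypted under the old key while the
# environment already carries the new key first and the old one as fallback.
OLD_KEY = SecureRandom.hex(16)
NEW_KEY = SecureRandom.hex(16)
SAMPLE  = "secret_key_base: constructed-sample"
KEYRING = { "RAILS_MASTER_KEY" => NEW_KEY,
            "RAILS_MASTER_KEY_PREVIOUS" => OLD_KEY } # second name is hypothetical

def demo
  decrypt_with_any(encrypt(SAMPLE, OLD_KEY), KEYRING)
end
```

Returning the name of the key that worked lets a deploy log when the fallback is still in use, so the old key can be removed from the environment once every running commit decrypts with the new one.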
