Ruby on Rails
Thursday, May 24, 2018
Also, just a note that I realized after posting this that core would be a better place for it, so I posted a similar message there. Sorry for the duplication.
On Thu, May 24, 2018 at 10:38 AM, Micah Buckley-Farlee <micah.buckley-farlee@verbasoftware.com> wrote:
Hello!--I've been in a bit of pain recently around rotating our Secrets/Credentials key.Assuming that either the config/master.key file is not checked in, or (as in our case), the RAILS_MASTER_KEY env var is used to specify the key, it is difficult to gracefully rotate keys. Our infrastructure for environment management is separate from our deploy infrastructure, so it is not possible for us to change specific environment variables with deploys of specific commits. I imagine this may also be an issue for various methods of getting the config/master.key file in place on production environments.I'm curious if there is already a story for key rotation that I'm missing, or if that might be something worth implementing (which I would be happy to do).The obvious solution would be the ability to specify multiple key files or env vars, and simply use whichever one successfully decrypts the credentials.Cheers!
Micah
You received this message because you are subscribed to a topic in the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rubyonrails-talk/ .FuxXrhJOFzs/unsubscribe
To unsubscribe from this group and all its topics, send an email to rubyonrails-talk+unsubscribe@googlegroups.com .
To post to this group, send email to rubyonrails-talk@googlegroups.com .
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/ .e168f1d6-d886-4e08-95f8- 994d9644dbcd%40googlegroups. com
For more options, visit https://groups.google.com/d/optout .
Micah Buckley-Farlee
Application Development Manager
Verba Software
(415) 738 - 2374
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CAK7MgiZ%3DGD%2BBg3YVs9xcbf4EgNy6Yn2u%2BW19rw6iycRFNLx%3D%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment