Use SECRET_KEY_BASE_DUMMY feature as placeholder during asset compilation (#30505)

2024-06-10 16:08:04 -04:00
parent 9cc4040308
commit 0e1110c947
4 changed files with 12 additions and 11 deletions
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -156,7 +156,11 @@ Rails.application.configure do
  }

  # TODO: Remove once devise-two-factor data migration complete
-  config.x.otp_secret = ENV.fetch('OTP_SECRET')
+  config.x.otp_secret = if ENV['SECRET_KEY_BASE_DUMMY']
+                          SecureRandom.hex(64)
+                        else
+                          ENV.fetch('OTP_SECRET')
+                        end

  # Enable DNS rebinding protection and other `Host` header attacks.
  # config.hosts = [
--- a/config/initializers/active_record_encryption.rb
+++ b/config/initializers/active_record_encryption.rb
@@ -5,6 +5,11 @@
  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
 ).each do |key|
+  if ENV['SECRET_KEY_BASE_DUMMY']
+    # Use placeholder value during production env asset compilation
+    ENV[key] = SecureRandom.hex(64)
+  end
+
  value = ENV.fetch(key) do
    abort <<~MESSAGE