dawarich/config/initializers/active_record_encryption.rb

# frozen_string_literal: true
# devise-two-factor declares `encrypts :otp_secret` on the User model, which makes
# Active Record Encryption mandatory: all three settings below need a value or the
# model cannot load.
#
# The 2FA settings page and the OTP login challenge are only exposed when all three
# env vars are explicitly set (see DawarichSettings.two_factor_available?). When they
# are not, 2FA stays hidden, and the fallback strings below exist only so the
# application can still boot.
#
# SECURITY: the fallback strings are committed to the repository, so they provide no
# confidentiality. Any attribute encrypted under them can be decrypted by whoever has
# both the source and the database contents. Deployments that enable 2FA must supply
# unique random values for all three variables (`bin/rails db:encryption:init` prints
# a suitable set).
# NOTE(review): ENV.fetch only falls back when a variable is absent; a variable that is
# set but empty is passed through unchanged. Confirm that case is treated the same way
# by DawarichSettings.two_factor_available?.
# NOTE(review): presumably any future `encrypts` declaration on another model would
# also pick up these fallbacks when the env vars are unset. Confirm before adding one.
encryption_config = Rails.application.config.active_record.encryption

encryption_config.primary_key = ENV.fetch(
  'OTP_ENCRYPTION_PRIMARY_KEY',
  'dawarich-dev-primary-key-not-for-production'
)

encryption_config.deterministic_key = ENV.fetch(
  'OTP_ENCRYPTION_DETERMINISTIC_KEY',
  'dawarich-dev-deterministic-not-for-prod'
)

encryption_config.key_derivation_salt = ENV.fetch(
  'OTP_ENCRYPTION_KEY_DERIVATION_SALT',
  'dawarich-dev-salt-not-for-production'
)