misc: added configurable env for enabling/disabling encrypt

2026-01-08 23:18:05 -05:00 · 2024-11-05 22:08:16 +08:00
parent cfa8770bdc
commit 90f85152bc
3 changed files with 6 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@@ -78,3 +78,5 @@ PLAIN_API_KEY=
 PLAIN_WISH_LABEL_IDS=

 SSL_CLIENT_CERTIFICATE_HEADER_KEY=
+
+ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT=
--- a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
+++ b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
@@ -116,6 +116,7 @@ export const secretRotationQueueFactory = ({

  queue.start(QueueName.SecretRotation, async (job) => {
    const { rotationId } = job.data;
+    const appCfg = getConfig();
    logger.info(`secretRotationQueue.process: [rotationDocument=${rotationId}]`);
    const secretRotation = await secretRotationDAL.findById(rotationId);
    const rotationProvider = rotationTemplates.find(({ name }) => name === secretRotation?.provider);
@@ -178,7 +179,7 @@ export const secretRotationQueueFactory = ({
        const options =
          provider.template.client === TDbProviderClients.MsSqlServer
            ? ({
-                encrypt: true,
+                encrypt: appCfg.ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT,
                cryptoCredentialsDetails: ca ? { ca } : {}
              } as Record<string, unknown>)
            : undefined;
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@@ -162,7 +162,8 @@ const envSchema = z
    DISABLE_AUDIT_LOG_GENERATION: zodStrBool.default("false"),
    SSL_CLIENT_CERTIFICATE_HEADER_KEY: zpStr(z.string().optional()).default("x-ssl-client-cert"),
    WORKFLOW_SLACK_CLIENT_ID: zpStr(z.string().optional()),
-    WORKFLOW_SLACK_CLIENT_SECRET: zpStr(z.string().optional())
+    WORKFLOW_SLACK_CLIENT_SECRET: zpStr(z.string().optional()),
+    ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT: zodStrBool.default("true")
  })
  .transform((data) => ({
    ...data,