Commit d41af2c1 authored by DJ Mountney

Add lets-encrypt pages private secret to secret generation

Note that this currently works for new installs. A followup MR will be
needed for upgrades.
parent d9c8cd7b
Pipeline #60763157 failed with stages
in 27 minutes and 45 seconds
......@@ -66,6 +66,7 @@ if [ -n "$env" ]; then
otp_key_base=$(gen_random 'a-f0-9' 128) # equavilent to secureRandom.hex(64)
db_key_base=$(gen_random 'a-f0-9' 128) # equavilent to secureRandom.hex(64)
openid_connect_signing_key=$(openssl genrsa 2048);
lets_encrypt_private_key=$(openssl genrsa 2048);
cat << EOF > secrets.yml
$env:
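Review bot: the new `lets_encrypt_private_key=$(openssl genrsa 2048);` assignment looks unused, because the heredoc in the following hunk runs `openssl genrsa 2048` again inline instead of expanding this variable. As written, one RSA key is generated, held in a shell variable and discarded, and a second, different key is what lands in `secrets.yml`. Either drop the assignment or have the heredoc indent the variable's contents (for example `$(echo "$lets_encrypt_private_key" | awk ...)`), so there is exactly one key and it is clear which one is stored. The same applies to the existing `openid_connect_signing_key` line this one copies. The trailing `;` is also unnecessary.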
......@@ -73,6 +74,8 @@ $env:
otp_key_base: $otp_key_base
db_key_base: $db_key_base
openid_connect_signing_key: |
$(openssl genrsa 2048 | awk '{print " " $0}')
lets_encrypt_private_key: |
$(openssl genrsa 2048 | awk '{print " " $0}')
EOF
generate_secret_if_needed {{ template "gitlab.rails-secrets.secret" . }} --from-file secrets.yml
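Review bot: with the added `lets_encrypt_private_key: |` entry, `secrets.yml` now holds a second RSA private key in plaintext, and nothing in the lines shown restricts the file's mode or removes it after `generate_secret_if_needed` has consumed it. If that is not already handled outside this hunk, set `umask 077` before the `cat << EOF > secrets.yml` and delete the file once the secret has been created. Separately, the commit message says this only works for new installs; going by its name, `generate_secret_if_needed` leaves an existing secret untouched, so upgraded installs will have no `lets_encrypt_private_key`. A comment here pointing at the follow-up MR would keep that gap visible to anyone reading the script.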
......