
Rake tasks db:encrypt and db:decrypt now support TOTP secret keys (#1237, #33929).

git-svn-id: http://svn.redmine.org/redmine/trunk@20005 e93f8b46-1217-0410-a6f0-8f06a7374b81
Go MAEDA 2020-09-05 06:24:37 +00:00
parent 9b1b10620b
commit 28dd747fc6
2 changed files with 8 additions and 5 deletions


@ -138,11 +138,12 @@ default:
# scm_stderr_log_file: /var/log/redmine_scm_stderr.log # scm_stderr_log_file: /var/log/redmine_scm_stderr.log
scm_stderr_log_file: scm_stderr_log_file:
# Key used to encrypt sensitive data in the database (SCM and LDAP passwords). # Key used to encrypt sensitive data in the database (SCM passwords,
# LDAP passwords, and TOTP (two-factor authentication) secret keys).
# If you don't want to enable data encryption, just leave it blank. # If you don't want to enable data encryption, just leave it blank.
# WARNING: losing/changing this key will make encrypted data unreadable. # WARNING: losing/changing this key will make encrypted data unreadable.
# #
# If you want to encrypt existing passwords in your database: # If you want to encrypt existing data in your database:
# * set the cipher key here in your configuration file # * set the cipher key here in your configuration file
# * encrypt data using 'rake db:encrypt RAILS_ENV=production' # * encrypt data using 'rake db:encrypt RAILS_ENV=production'
# #
@ -150,7 +151,7 @@ default:
# * decrypt data using 'rake db:decrypt RAILS_ENV=production' first # * decrypt data using 'rake db:decrypt RAILS_ENV=production' first
# * change the cipher key here in your configuration file # * change the cipher key here in your configuration file
# * encrypt data using 'rake db:encrypt RAILS_ENV=production' # * encrypt data using 'rake db:encrypt RAILS_ENV=production'
database_cipher_key: database_cipher_key: 'foo'
# Set this to false to disable plugins' assets mirroring on startup. # Set this to false to disable plugins' assets mirroring on startup.
# You can use `rake redmine:plugins:assets` to manually mirror assets # You can use `rake redmine:plugins:assets` to manually mirror assets
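Review bot: The second hunk appears to change the shipped example from an empty `database_cipher_key:` to `database_cipher_key: 'foo'`, which looks like a leftover from local testing rather than an intended default. The side assignment is inferred from the old-then-new rendering used on the other changed lines. An installation that copies this file would turn on encryption with a publicly known key, so SCM passwords, LDAP passwords and TOTP secrets would be protected by a value anyone can read in the repository. The comment above also says to leave the key blank to disable encryption, so the example should stay `database_cipher_key:` with no value.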


@ -20,7 +20,8 @@ namespace :db do
desc 'Encrypts SCM and LDAP passwords in the database.' desc 'Encrypts SCM and LDAP passwords in the database.'
task :encrypt => :environment do task :encrypt => :environment do
unless (Repository.encrypt_all(:password) && unless (Repository.encrypt_all(:password) &&
AuthSource.encrypt_all(:account_password)) AuthSource.encrypt_all(:account_password) &&
User.encrypt_all(:twofa_totp_key))
raise "Some objects could not be saved after encryption, update was rolled back." raise "Some objects could not be saved after encryption, update was rolled back."
end end
end end
@ -28,7 +29,8 @@ namespace :db do
desc 'Decrypts SCM and LDAP passwords in the database.' desc 'Decrypts SCM and LDAP passwords in the database.'
task :decrypt => :environment do task :decrypt => :environment do
unless (Repository.decrypt_all(:password) && unless (Repository.decrypt_all(:password) &&
AuthSource.decrypt_all(:account_password)) AuthSource.decrypt_all(:account_password) &&
User.decrypt_all(:twofa_totp_key))
raise "Some objects could not be saved after decryption, update was rolled back." raise "Some objects could not be saved after decryption, update was rolled back."
end end
end end
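Review bot: Both `desc` strings still describe only "SCM and LDAP passwords", although each task now also processes `User` records via `:twofa_totp_key`, so `rake -T` under-reports what a key rotation touches. Suggest `desc 'Encrypts SCM passwords, LDAP passwords and TOTP secret keys in the database.'` and the matching wording for `:decrypt`. Separately, the raise message says the update "was rolled back", but the three `encrypt_all`/`decrypt_all` calls are chained with `&&`. If each call runs in its own transaction (not visible here), a failure in the `User` step would leave `Repository` and `AuthSource` already converted, so the message is worth confirming or rewording. The enclosing `namespace :db` block closes outside these hunks.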