Patch #33929 ยป encrypt-totp-secret-key-with-rake-task.patch
| config/configuration.yml.example | ||
|---|---|---|
| 138 | 138 |
# scm_stderr_log_file: /var/log/redmine_scm_stderr.log |
| 139 | 139 |
scm_stderr_log_file: |
| 140 | 140 | |
| 141 |
# Key used to encrypt sensitive data in the database (SCM and LDAP passwords). |
|
| 141 |
# Key used to encrypt sensitive data in the database (SCM and LDAP passwords, |
|
| 142 |
# and TOTP (two-factor authentication) secret keys). |
|
| 142 | 143 |
# If you don't want to enable data encryption, just leave it blank. |
| 143 | 144 |
# WARNING: losing/changing this key will make encrypted data unreadable. |
| 144 | 145 |
# |
| lib/tasks/ciphering.rake | ||
|---|---|---|
| 20 | 20 |
desc 'Encrypts SCM and LDAP passwords in the database.' |
| 21 | 21 |
task :encrypt => :environment do |
| 22 | 22 |
unless (Repository.encrypt_all(:password) && |
| 23 |
AuthSource.encrypt_all(:account_password)) |
|
| 23 |
AuthSource.encrypt_all(:account_password) && |
|
| 24 |
User.encrypt_all(:twofa_totp_key)) |
|
| 24 | 25 |
raise "Some objects could not be saved after encryption, update was rolled back." |
| 25 | 26 |
end |
| 26 | 27 |
end |
| ... | ... | |
| 28 | 29 |
desc 'Decrypts SCM and LDAP passwords in the database.' |
| 29 | 30 |
task :decrypt => :environment do |
| 30 | 31 |
unless (Repository.decrypt_all(:password) && |
| 31 |
AuthSource.decrypt_all(:account_password)) |
|
| 32 |
AuthSource.decrypt_all(:account_password) && |
|
| 33 |
User.decrypt_all(:twofa_totp_key)) |
|
| 32 | 34 |
raise "Some objects could not be saved after decryption, update was rolled back." |
| 33 | 35 |
end |
| 34 | 36 |
end |