Project

General

Profile

Download (2.06 KB) Statistics
| Branch: | Tag: | Revision:

foreman/lib/tasks/encrypt.rake @ 5bdc1930

require 'foreman/util'

namespace :security do
desc 'Generate new encryption key'
task :generate_encryption_key do
include Foreman::Util
File.open(Rails.root.join('config', 'initializers', 'encryption_key.rb'), "w") do |fd|
fd.write("# Be sure to restart your server when you modify this file.

# Your encryption key for encrypting and decrypting database fields.
# If you change this key, all encrypted data will NOT be able to be decrypted by Foreman!
# Make sure the key is at least 32 bytes such as SecureRandom.hex(20)

# You can use `rake security:generate_encryption_key` to regenerate this file.

module EncryptionKey
ENCRYPTION_KEY = ENV['ENCRYPTION_KEY'] || '#{secure_encryption_key}'
end
")
puts "Encryption key generated in file config/initializers/encryption_key.rb"
puts "Restart the server and then run rake db:compute_resources:encrypt"
end
end
end

namespace :db do
namespace :compute_resources do
desc "Encrypt compute resource fields"
task :encrypt => :environment do
if defined?(EncryptionKey) && EncryptionKey.const_defined?(:ENCRYPTION_KEY)
ComputeResource.order(:id).each do |compute_resource|
compute_resource.encryptable_fields.each do |field|
str = compute_resource.read_attribute(field.to_sym)
compute_resource.update_column(field.to_sym, compute_resource.encrypt_field(str))
end
end
else
puts "ENCRYPTION_KEY is not defined, so encryption is turned off."
end
end

desc "Decrypt compute resource fields"
task :decrypt => :environment do
if defined?(EncryptionKey) && EncryptionKey.const_defined?(:ENCRYPTION_KEY)
ComputeResource.order(:id).each do |compute_resource|
compute_resource.encryptable_fields.each do |field|
str = compute_resource.read_attribute(field.to_sym)
compute_resource.update_column(field.to_sym, compute_resource.decrypt_field(str))
end
end
else
puts "ENCRYPTION_KEY is not defined, so encryption is turned off."
end
end
end
end
(3-3/20)