From 601249b0bfa07fd4fe5f9fb2d8496c732bfba409 Mon Sep 17 00:00:00 2001
From: Lucas Di Pentima
Date: Fri, 7 Aug 2020 12:09:14 -0300
Subject: [PATCH] 16470: Removes active storage config file, ammends secrets.yml file.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima
---
 services/api/config/secrets.yml | 23 ++++++++------------
 services/api/config/storage.yml | 38 ---------------------------------
 2 files changed, 9 insertions(+), 52 deletions(-)
 delete mode 100644 services/api/config/storage.yml
diff --git a/services/api/config/secrets.yml b/services/api/config/secrets.yml
index 62e1f27cd5..374d52969d 100644
--- a/services/api/config/secrets.yml
+++ b/services/api/config/secrets.yml
@@ -11,26 +11,21 @@
 # no regular words or you'll be exposed to dictionary attacks.
 # You can use `rails secret` to generate a secure secret key.
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-# Shared secrets are available across all environments.
+# NOTE that these get overriden by Arvados' own configuration system.
 # shared:
 # api_key: a1B2c3D4e5F6
 # Environmental secrets are only available for that specific environment.
-development:
- secret_key_base: 5b710df613166e048853346d14a1837593db4463b5a778a0b747346d4758a0b4fce9f136c3063f37d92def51917fd42d137f94190de2262ebf3fe25c1f16748a
-
-test:
- secret_key_base: 52392a8314cf1d49f2a81478541578e9be2db70d2be0047492d5ce6b7c7234303e01ff8742fc4c90775fa1fbee2dc3e85d7ecb17a50c36e2b0e29943f82d0804
+# development:
+# secret_key_base: rand(1<<255).to_s(36)
-# Do not keep production secrets in the unencrypted secrets file.
-# Instead, either read values from the environment.
-# Or, use `bin/rails secrets:setup` to configure encrypted secrets
-# and move the `production:` environment over there.
+# test:
+# secret_key_base: rand(1<<255).to_s(36)
+# In case this doesn't get overriden for some reason, assign a random key
+# to gracefully degrade by rejecting cookies instead of by opening a
+# vulnerability.
 production:
- secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+ secret_key_base: rand(1<<255).to_s(36)
diff --git a/services/api/config/storage.yml b/services/api/config/storage.yml
deleted file mode 100644
index 5b2c94c43e..0000000000
--- a/services/api/config/storage.yml
+++ /dev/null
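Review bot: The new `production:` value `secret_key_base: rand(1<<255).to_s(36)` has no ERB delimiters, unlike the line it replaces (`<%= ENV["SECRET_KEY_BASE"] %>`), so if this file is still rendered the way Rails renders secrets.yml, the key is that literal string: a fixed value readable by anyone with the repository, not a random one. That is the opposite of the fallback the added comment describes, because if the Arvados configuration override ever fails to apply, signed cookies could be forged rather than rejected. Wrap the expression in ERB and draw it from a CSPRNG, e.g. `secret_key_base: <%= SecureRandom.hex(64) %>`, since `Kernel#rand` is not meant for key material. The removed development/test keys remain in git history and should be treated as public wherever they were reused.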
@@ -1,38 +0,0 @@
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-test:
- service: Disk
- root: <%= Rails.root.join("tmp/storage") %>
-
-local:
- service: Disk
- root: <%= Rails.root.join("storage") %>
-
-# Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
-# amazon:
-# service: S3
-# access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
-# secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
-# region: us-east-1
-# bucket: your_own_bucket
-
-# Remember not to checkin your GCS keyfile to a repository
-# google:
-# service: GCS
-# project: your_project
-# credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
-# bucket: your_own_bucket
-
-# Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
-# microsoft:
-# service: AzureStorage
-# storage_account_name: your_account_name
-# storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
-# container: your_container_name
-
-# mirror:
-# service: Mirror
-# primary: local
-# mirrors: [ amazon, google, microsoft ]
--
2.30.2