puckel / docker-airflow

Docker Apache Airflow
Apache License 2.0

Different FERNET_KEY across docker containers #39

Closed stlong0521 closed 7 years ago

stlong0521 commented 8 years ago

Hi @puckel ,

I just noticed that the fernet keys are different across containers, which makes the encryption not reversible. This is probably because each container will generate a new key when launching the image and running entrypoint.sh.

I was thinking of a solution that moves the key generation from entrypoint.sh to the Dockerfile, but this could leave security flaws, as the key will possibly be built into the image and pushed to a remote afterwards.

Please let me know what you have in mind about this issue, or correct me if I misunderstood anything.

Thanks, Tianlong

puckel commented 8 years ago

Hi,

It's an issue indeed, maybe we can set it by an environment variable by default and generate one if nothing is given.

stlong0521 commented 8 years ago

Yeah, my current workaround is to set it as an environment variable on those containers and read it from an .env file, which is local and will not be included in git.

puckel commented 7 years ago

Hi. I've pushed the fix.

stlong0521 commented 7 years ago

That is awesome! To keep it complete, would you like to do the celery mode as well? BTW, setting FERNET_KEY to a newly generated key if it is not set seems redundant, because it will most likely still face the "different key" issue.

puckel commented 7 years ago

It's the entrypoint.sh which deals with fernet_key; just add the environment variable to the docker-compose file.
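
The key-handling pattern discussed in this thread, as an added example that is not the repository's entrypoint.sh: use `FERNET_KEY` from the environment when it is supplied, and generate one only for a single container. The function names and the `multi`/`single` mode argument are hypothetical; refusing to start in multi-container mode is this example's design choice, based on the point above that a per-container generated key still diverges.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from docker-airflow.

# Generate a Fernet-format key: 32 random bytes as URL-safe base64 (44 chars).
generate_fernet_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n' | tr '+/' '-_'
}

# Format check only: 43 URL-safe base64 characters plus one '=' pad,
# which is what 32 encoded bytes look like.
is_valid_fernet_key() {
    [ "${#1}" -eq 44 ] || return 1
    _body=${1%=}
    [ "${#_body}" -eq 43 ] || return 1   # no trailing '=' to strip
    case "$_body" in
        *[!A-Za-z0-9_-]*) return 1 ;;    # also rejects a second '='
    esac
    return 0
}

# Resolve the key a container should use.
#   $1 = value of FERNET_KEY from the environment (may be empty)
#   $2 = "multi" when several containers share one metadata database
resolve_fernet_key() {
    if [ -n "$1" ]; then
        if ! is_valid_fernet_key "$1"; then
            echo "FERNET_KEY is malformed" >&2
            return 2
        fi
        printf '%s' "$1"
    elif [ "$2" = "multi" ]; then
        # A key generated here would differ in every container, so values
        # encrypted by one could not be decrypted by another.
        echo "FERNET_KEY must be set when containers share a database" >&2
        return 3
    else
        generate_fernet_key
    fi
}
```

An entrypoint would call it as `FERNET_KEY=$(resolve_fernet_key "$FERNET_KEY" multi) || exit 1` and export the result, with the value itself coming from the local `.env` file mentioned above.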