secret: only turn on encryption when the env var is explicitly specified
Created by: unknwon
As of now, the database secrets encryption will be turned on when one of the following happens:
- The default secret key file exists (
/etc/sourcegraph/token). - The admin specifies the secret key file via env var
SOURCEGRAPH_SECRET_FILEand it exists.
The proposal inspired by my reply to @pecigonzalo is to remove 1. and only keep 2. In addition, when the admin specifies the secret key file via env var SOURCEGRAPH_SECRET_FILE, we throw a hard error when the file does not exist instead of ignoring it.
Would love inputs from @sourcegraph/security about this new proposal before preceding.