Skip to content

secret: clean up init logic

Warren Gifford requested to merge jc/cleanup-secret-init into main

Created by: unknwon

Notes:

  1. We used to allow pass in the secret key via env var string SOURCEGRAPH_CRYPT_KEY, but the secret key we expect is an array of bytes not a string (so how is that possible? 🤔 ). Besides, the code logic for reading secret key from env var was actually not working, i.e. suppose to read envCryptKey but in fact we read encryptionKey (which by the time we read it, it is always an empty slice and guarantee to fail).
  2. I realize the decision to automatically turn on encryption for single-docker-container was a mistake, the customer should explicitly chooses to do so (by specifying the SOURCEGRAPH_SECRET_FILE).

Part of #14644 (closed)

Merge request reports

Loading