secret: clean up init logic
Created by: unknwon
Notes:
- We used to allow pass in the secret key via env var string
SOURCEGRAPH_CRYPT_KEY
, but the secret key we expect is an array of bytes not a string (so how is that possible?🤔 ). Besides, the code logic for reading secret key from env var was actually not working, i.e. suppose to readenvCryptKey
but in fact we readencryptionKey
(which by the time we read it, it is always an empty slice and guarantee to fail). - I realize the decision to automatically turn on encryption for single-docker-container was a mistake, the customer should explicitly chooses to do so (by specifying the
SOURCEGRAPH_SECRET_FILE
).
Part of #14644 (closed)