summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-03-22 10:10:16 +0100
committerAzul <azul@riseup.net>2017-03-22 10:10:16 +0100
commit44f20f7c3907d500adde0edc87c90b2cd339acea (patch)
treeae84426cb988ebee7db1d2e9da5b77f016b998df /puppet/modules/site_webapp
parent4dbb2c726b7594685ed7857a3f2f89d9a08f36ff (diff)
webapp: add secret_key_base to config
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp1
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb1
2 files changed, 2 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 1ae80012..deb8e8c8 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,6 +10,7 @@ class site_webapp {
$provider_domain = $node_domain['full_suffix']
$webapp = hiera('webapp')
$api_version = $webapp['api_version']
+ $secret_key_base = $webapp['secret_key_base']
$secret_token = $webapp['secret_token']
$tor = hiera('tor', false)
$sources = hiera('sources')
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index dd55d3e9..1a802f4c 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -8,6 +8,7 @@ production = {
"force_ssl" => @webapp['secure'],
"client_ca_key" => "%s/%s.key" % [scope.lookupvar('x509::variables::keys'), scope.lookupvar('site_config::params::client_ca_name')],
"client_ca_cert" => "%s/%s.crt" % [scope.lookupvar('x509::variables::local_CAs'), scope.lookupvar('site_config::params::client_ca_name')],
+ "secret_key_base" => @secret_key_base,
"secret_token" => @secret_token,
"client_cert_lifespan" => cert_options['life_span'],
"client_cert_bit_size" => cert_options['bit_size'].to_i,