Fixing vault key initialization

kreneskyp · Oct 26, 2023 · 55ee112 · 55ee112
1 parent 10038a0
commit 55ee112
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -346,6 +346,7 @@ prettier: nodejs
 clean:
 	rm -rf .sentinel
 	rm -rf .certs
+	rm .vault.env
 
 .vault.env:
 	@python ./bin/get_uuid.py > .vault.env

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -30,6 +30,7 @@ services:
       - ./.certs/:/var/vault/certs:ro,Z
     env_file:
       - .env
+      - .vault.env
     environment:
       DJANGO_SETTINGS_MODULE: "ix.server.settings"
 
@@ -61,6 +62,7 @@ services:
       - ./.certs/:/var/vault/certs:ro,Z
     env_file:
       - .env
+      - .vault.env
 
   # nodejs / frontend builder
   nodejs:

diff --git a/ix/server/settings.py b/ix/server/settings.py
@@ -248,7 +248,8 @@
         key, value = key_file.strip().split("=")
         os.environ["VAULT_ROOT_KEY"] = value
 
-VAULT_ROOT_KEY = "myroot"
+VAULT_DEV_ROOT_TOKEN_ID = os.environ.get("VAULT_DEV_ROOT_TOKEN_ID", "myroot")
+VAULT_ROOT_KEY = os.environ.get("VAULT_ROOT_TOKEN", VAULT_DEV_ROOT_TOKEN_ID)
 VAULT_SERVER = os.environ.get("VAULT_SERVER", "https://vault:8200")
 VAULT_TOKEN__USER_TOKENS = VAULT_ROOT_KEY
 VAULT_CLIENT_CRT = "/var/vault/certs/client.crt"