fix(docker): replace anonymous docker volume with env variable for encrypting secrets (#1809)

2026-01-29 10:49:14 +01:00 · 2024-12-31 11:30:29 +01:00
parent 91e1cef611
commit 56b57ad171
11 changed files with 66 additions and 62 deletions
--- a/scripts/run.sh
+++ b/scripts/run.sh
@@ -6,31 +6,8 @@ else
    node ./db/migrations/$DB_DIALECT/migrate.cjs ./db/migrations/$DB_DIALECT
 fi

-# Generates an encryption key if it doesn't exist and saves it to /secrets/encryptionKey
-# Also sets the ENCRYPTION_KEY environment variable
-encryptionKey=""
-if [ -r /secrets/encryptionKey ]; then
-    echo "Encryption key already exists"
-    encryptionKey=$(cat /secrets/encryptionKey)
-else
-    echo "Generating encryption key"
-    encryptionKey=$(node ./generateRandomSecureKey.js)
-    echo $encryptionKey > /secrets/encryptionKey
-fi
-export ENCRYPTION_KEY=$encryptionKey
-
-# Generates an auth secret if it doesn't exist and saves it to /secrets/authSecret
-# Also sets the AUTH_SECRET environment variable required for auth.js
-authSecret=""
-if [ -r /secrets/authSecret ]; then
-    echo "Auth secret already exists"
-    authSecret=$(cat /secrets/authSecret)
-else
-    echo "Generating auth secret"
-    authSecret=$(node ./generateRandomSecureKey.js)
-    echo $authSecret > /secrets/authSecret
-fi
-export AUTH_SECRET=$authSecret
+# Auth secret is generated every time the container starts as it is required, but not used because we don't need JWTs or Mail hashing
+export AUTH_SECRET=$(openssl rand -base64 32)

 # Start nginx proxy
 # 1. Replace the HOSTNAME in the nginx template file