Different FERNET_KEY across docker containers #39
Comments
|
Hi, It's an issue indeed, maybe we can set it by an environment variable by default and generate one if nothing is given. |
|
Yeah, my current workaround is to set it as an environment variable to those containers, and read it from an .env file, which is local and will not be git included. |
puckel
added a commit
that referenced
this issue
Oct 17, 2016
|
Hi. I've pushed the fix. |
|
That is awesome! To keep it complete, would you like to do the celery mode as well? BTW, setting FERNET_KEY to a newly generated key if it is not set seems redundant, because it will mostly likely still face the "different key" issue. |
|
It's the entrypoint.sh which deals with fernet_key, just add the environment variable to docker-compose file |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @puckel ,
I just noticed that the fernet keys are different across containers, which makes the encryption not reversible. This is probably because each container will generate a new key when launching the image and running entrypoint.sh.
I was thinking a solution to move the key generation to Dockerfile from entrypoint.sh, but this could leave security flaws as the key will possibly be built into the image and pushed remote afterwards.
Please let me know what you have in mind about this issue, or correct me if I misunderstood anything.
Thanks,
Tianlong
The text was updated successfully, but these errors were encountered: