Generate Let's Encrypt private key

444959bf · vshushlin · Grzegorz Bizon · 81528a3a · 444959bf · 444959bf
Commit 444959bf authored 5 years ago by vshushlin Committed by Grzegorz Bizon 5 years ago
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -28,7 +28,8 @@ def create_tokens
    secret_key_base: file_secret_key || generate_new_secure_token,
    otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
    db_key_base: generate_new_secure_token,
-    openid_connect_signing_key: generate_new_rsa_private_key
+    openid_connect_signing_key: generate_new_rsa_private_key,
+    lets_encrypt_private_key: generate_lets_encrypt_private_key
  }
  
  missing_secrets = set_missing_keys(defaults)
@@ -49,6 +50,10 @@ def generate_new_rsa_private_key
  OpenSSL::PKey::RSA.new(2048).to_pem
 end
  
+def generate_lets_encrypt_private_key
+  OpenSSL::PKey::RSA.new(4096).to_pem
+end
+
 def warn_missing_secret(secret)
  warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
 end

--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -45,11 +45,21 @@ describe 'create_tokens' do
        expect(keys).to all(match(RSA_KEY))
      end
  
+      it "generates private key for Let's Encrypt" do
+        create_tokens
+
+        keys = secrets.values_at(:lets_encrypt_private_key)
+
+        expect(keys.uniq).to eq(keys)
+        expect(keys).to all(match(RSA_KEY))
+      end
+
      it 'warns about the secrets to add to secrets.yml' do
        expect(self).to receive(:warn_missing_secret).with('secret_key_base')
        expect(self).to receive(:warn_missing_secret).with('otp_key_base')
        expect(self).to receive(:warn_missing_secret).with('db_key_base')
        expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
+        expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key')
  
        create_tokens
      end
@@ -78,6 +88,7 @@ describe 'create_tokens' do
      before do
        secrets.db_key_base = 'db_key_base'
        secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+        secrets.lets_encrypt_private_key = 'lets_encrypt_private_key'
  
        allow(File).to receive(:exist?).with('.secret').and_return(true)
        allow(File).to receive(:read).with('.secret').and_return('file_key')