Add simple master key provider for secret encryption

2025-08-18 06:34:07 +09:00 · 2021-01-05 17:46:37 +02:00
parent 9647989d99
commit d4e84c0433
12 changed files with 326 additions and 0 deletions
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -215,6 +215,8 @@ var (
 		HMACKey   string `ini:"HMAC_KEY"`
 		Allways   bool
 	}{}
+	MasterKeyProvider                  string
+	MasterKey                          []byte

 	// UI settings
 	UI = struct {
@ -964,6 +966,20 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 	PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false)
 	SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)

+	// Master key provider configuration
+	MasterKeyProvider = sec.Key("MASTER_KEY_PROVIDER").MustString("none")
+	switch MasterKeyProvider {
+	case "plain":
+		if MasterKey, err = base64.StdEncoding.DecodeString(sec.Key("MASTER_KEY").MustString("")); err != nil {
+			log.Fatal("error loading master key: %v", err)
+			return
+		}
+	case "none":
+	default:
+		log.Fatal("invalid master key provider type: %v", MasterKeyProvider)
+		return
+	}
+
 	InternalToken = loadSecret(sec, "INTERNAL_TOKEN_URI", "INTERNAL_TOKEN")
 	if InstallLock && InternalToken == "" {
 		// if Gitea has been installed but the InternalToken hasn't been generated (upgrade from an old release), we should generate