Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate valid fernet keys for local deployment #196

Open
Kytha opened this issue Nov 28, 2024 · 0 comments
Open

Generate valid fernet keys for local deployment #196

Kytha opened this issue Nov 28, 2024 · 0 comments

Comments

@Kytha
Copy link
Contributor

Kytha commented Nov 28, 2024

Overview

The current fernet key in docker-compose file is deliberately invalid. This prevents the use of any feature relying on fernet encryption for local deployments.

To prevent hard-coding a valid fernet key (which risks general public using it in production), we should update run.sh to generate a valid fernet key, cache it locally, and pass it as an environment variable to the docker-compose file. So when run.sh is executed it either gets key from the cache, or if it doesn't exist, it generates a new one.
kashyapkannan pushed a commit to kashyapkannan/amazon-mwaa-docker-images that referenced this issue Jan 3, 2025
Generate, cache and pass valid fernet keys for local deployment (aws#196
eff5720 
)
kashyapkannan pushed a commit to kashyapkannan/amazon-mwaa-docker-images that referenced this issue Jan 3, 2025
Generate, cache and pass valid fernet keys for local deployment (aws#196
5e5dd78 
)
@kashyapkannan kashyapkannan mentioned this issue Jan 3, 2025
Merged
kashyapkannan pushed a commit to kashyapkannan/amazon-mwaa-docker-images that referenced this issue Jan 7, 2025
Generate, cache and pass valid fernet keys for local deployment (aws#196
aee9c03 
)
kashyapkannan pushed a commit to kashyapkannan/amazon-mwaa-docker-images that referenced this issue Jan 7, 2025
Generate, cache and pass valid fernet keys for local deployment (aws#196
a16b228 
)
vishalvijay18 pushed a commit that referenced this issue Jan 8, 2025
@kashyapkannan
Generate, cache and pass valid fernet keys for local deployment (#196) (
9963b55 
#207)

*Issue #, if available:* #196

*Description of changes:* 
- Modified run.sh to generate, cache and pass valid fernet key to the
docker-compose file.
- Added a script to be able to use pip install in run.sh to temporarily
install dependencies needed before the bootstrap steps, like in this
use-case.
- Updated pip_install_check.py and run_all.py quality_check files'
shebang for better portability.
- Updated lint_bash check to exclude .venv's generated scripts.

*Description of testing:* 
- Built and ran image locally with the run.sh script.
- Used log statements to verify the fernet key was valid and being
passed correctly.

By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.

Co-authored-by: Kashyap Kannan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Kytha