From c092cd2529d20698b7e7a9710762329045573203 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= Date: Wed, 30 Sep 2020 11:32:17 +0200 Subject: [PATCH] referral-service: add IP_SALT env variable from secrets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jakub SokoĊ‚owski --- ansible/group_vars/referral.yml | 2 ++ ansible/roles/referral-service/README.md | 2 ++ ansible/roles/referral-service/defaults/main.yml | 2 ++ ansible/roles/referral-service/templates/app.env.j2 | 1 + 4 files changed, 7 insertions(+) diff --git a/ansible/group_vars/referral.yml b/ansible/group_vars/referral.yml index a475298..8d4acc6 100644 --- a/ansible/group_vars/referral.yml +++ b/ansible/group_vars/referral.yml @@ -19,6 +19,8 @@ referral_srv_eth_private_key: '{{lookup("passwordstore", "service/referral-servi # Rails secret key base referral_srv_secret_key_base: '{{lookup("passwordstore", "service/referral-service/"+stage+"/secret-key-base")}}' +# The salt for the hashing of ips +referral_srv_ip_salt: '{{lookup("passwordstore", "service/referral-service/"+stage+"/ip-salt")}}' # GeoIP API Auth referral_srv_geoip_account_id: '{{lookup("passwordstore", "service/referral-service/"+stage+"/geoip/account-id")}}' diff --git a/ansible/roles/referral-service/README.md b/ansible/roles/referral-service/README.md index ad41d96..5889cc5 100644 --- a/ansible/roles/referral-service/README.md +++ b/ansible/roles/referral-service/README.md @@ -13,6 +13,8 @@ referral_srv_public_protocol: 'https' # for production cookies referral_srv_secret_key_base: '128charLongHexadecimal' +# for hashing of ips +referral_srv_ip_salt: 'A-Reasonably-Long-Random-String' # For Play Store integration referral_srv_google_sign_in_client_id: '1234-abcd..apps.googleusercontent.com' diff --git a/ansible/roles/referral-service/defaults/main.yml b/ansible/roles/referral-service/defaults/main.yml index d74018a..05f43af 100644 --- a/ansible/roles/referral-service/defaults/main.yml +++ b/ansible/roles/referral-service/defaults/main.yml @@ -6,6 +6,8 @@ referral_srv_public_protocol: 'https' # Key base for production cookies referral_srv_secret_key_base: ~ +# The salt for the hashing of ips +referral_srv_ip_salt: ~ # required service env variables referral_srv_google_sign_in_client_id: ~ diff --git a/ansible/roles/referral-service/templates/app.env.j2 b/ansible/roles/referral-service/templates/app.env.j2 index c68e26c..4848d5d 100644 --- a/ansible/roles/referral-service/templates/app.env.j2 +++ b/ansible/roles/referral-service/templates/app.env.j2 @@ -3,6 +3,7 @@ RAILS_ENV=production RAILS_MAX_THREADS={{ ansible_processor_vcpus | default(2) }} SECRET_KEY_BASE={{ referral_srv_secret_key_base | mandatory }} PORT={{ referral_srv_app_port | mandatory }} +IP_SALT={{ referral_srv_ip_salt | mandatory }} PIDFILE=/tmp/app.pid # OAuth settings