Cache the fernet key in the /config volume #55
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Thanks for opening this pull request! Be sure to follow the pull request template!
|
I am a bot, here are the test results for this PR:
|
|
I am a bot, here are the test results for this PR:
|
|
I am a bot, here are the test results for this PR:
|
|
This container is meant to be fully ephemeral, in other words no need for a bind mounted volume. Your issue of sessions being invalidated should only occur when the container is recreated, not when it's restarted. And that issue can be solved by passing in a fernet key via env var. |
|
@aptalca A bind mounted volume is optional with my patch. Whenever I Yes, I could write CM code to create the key and pass it in the environment. However that is extra code I have to write to automate this on a bunch of containers. Vs just adding a volume to the container config. In addition, the key returned by /app/fernet-key.py is not accepted as a value for FERNETKEY because .decode() was not called on it, so it includes the Thanks. Jeff |
|
You only need to create the key once and add it to your compose as an env var. That's it. You can create the fernet key however you like. You're not meant to use the internal script as that's for container use only. There are tons of different ways to create a fernet key, including online generators (make sure to use a local one if you do) |
|
I am a bot, here are the test results for this PR:
|
|
This pull request has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions. |
Description:
When the fernet key is not provided in an environment variable, cache the generated key in
/config/fernet.key. If this is a persistent volume, the key will be reused on container restarts.This change will also accept a fernet key with or w/o enclosing "b'" and "'". This avoids confusion as
/app/fernet-key.pyprints it with the byte-string quotes.Benefits of this PR and context:
This is an easier method to preserve the key to prevent issues when the container restarts. Even on occasional container restarts I was having problems getting the login page w/o clearing cookies.
How Has This Been Tested?
I've been running this change for several days in several docker compose container stacks on x86_64 with a
/configvolume mounted andFERNETKEYnot defined and a volume mounted. My gateway errors on the login page have gone away.I also switched between defining
FERNETKEY(to one generated by and cached in/config) and mounting the/configvolume to ensure that the same key was being used (by reloading the web page and watching for tracebacks in the container logs).Source / References: