So, feedback and a question.
Background: I just got around to updating to pulp-core 3.15. In my checkout testing, I see that the content and API components aren’t starting. As it turns out, there’s a new config value introduced in 3.15 which encrypts some values in the database. That parameter has a default path to a file. The file is initially created by the pulp installer, which I don’t use. So, upgrade == broken.
Feedback: I read the changelog, but the only mention of this is that support for encryption is now available – nothing about “btw, if a key isn’t generated, we’ll fail because this is mandatory.” I guess most people use the installer? My bad and this is why we test, but it would’ve been nice if that changelog entry had been a tad more explicit. #CaptainHindsight
Question: I already use database-level encryption for storage and TLS to the DB. This new persistent encryption key is something that will be mildly annoying to manage and doesn’t seemingly buy me anything; I generally want the application deployment to be as stateless as possible, so it’d be ideal if I could just skip this. Looks like there’s not currently support to simply disable that. I’m cool with submitting a patch to skip it if the variable is set to “empty”, but before I do that I thought it’d be worth checking to see if that’d be reasonable / if I’m overlooking something obvious which would make that a terrible idea.