DB encryption and changelogs

So, feedback and a question. 🙂

Background: I just got around to updating to pulp-core 3.15. In my checkout testing, I see that the content and API components aren’t starting. As it turns out, there’s a new config value introduced in 3.15 which encrypts some values in the database. That parameter has a default path to a file. The file is initially created by the pulp installer, which I don’t use. So, upgrade == broken.

Feedback: I read the changelog, but the only mention of this is that support for encryption is now available – nothing about “btw, if a key isn’t generated, we’ll fail because this is mandatory.” I guess most people use the installer? My bad and this is why we test, but it would’ve been nice if that changelog entry had been a tad more explicit. #CaptainHindsight

Question: I already use database-level encryption for storage and TLS to the DB. This new persistent encryption key is something that will be mildly annoying to manage and doesn’t seemingly buy me anything; I generally want the application deployment to be as stateless as possible, so it’d be ideal if I could just skip this. Looks like there’s not currently support to simply disable that. I’m cool with submitting a patch to skip it if the variable is set to “empty”, but before I do that I thought it’d be worth checking to see if that’d be reasonable / if I’m overlooking something obvious which would make that a terrible idea.

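A pre-upgrade check for the failure described in the post above (services not starting because the key file was never generated), added here as an example; it is not part of the thread and not Pulp's own code. It assumes the key is a Fernet-style key (URL-safe base64 of 32 bytes); `KEY_PATH` is a placeholder and `check_key_file` and `demo` are hypothetical helpers.

```python
import base64
import binascii
import os
import stat
import sys
import tempfile

KEY_PATH = "/path/to/db-encryption.key"  # placeholder: use the path from your Pulp settings


def check_key_file(path):
    """Return a list of problems; an empty list means the key file looks usable."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: generate the key before upgrading"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if st.st_mode & stat.S_IRWXO:
        problems.append("mode %o lets other users access the key" % stat.S_IMODE(st.st_mode))
    with open(path, "rb") as fh:
        raw = fh.read().strip()
    try:
        key = base64.urlsafe_b64decode(raw)
    except (binascii.Error, ValueError):
        key = b""
    # Assumption: Fernet-style key, i.e. exactly 32 bytes after decoding.
    if len(key) != 32:
        problems.append("content is not base64 of 32 bytes")
    return problems


def demo():
    results = {}  # filled from constructed key files in a temporary directory
    with tempfile.TemporaryDirectory() as d:
        results["missing"] = check_key_file(os.path.join(d, "absent.key"))
        for name, size, mode in (("good", 32, 0o600), ("loose", 32, 0o644), ("short", 16, 0o600)):
            path = os.path.join(d, name + ".key")
            with open(path, "wb") as fh:
                fh.write(base64.urlsafe_b64encode(os.urandom(size)) + b"\n")
            os.chmod(path, mode)
            results[name] = check_key_file(path)
    return results


if __name__ == "__main__":
    found = check_key_file(sys.argv[1] if len(sys.argv) > 1 else KEY_PATH)
    sys.exit("\n".join(found) if found else 0)
```

Run as a script, it exits non-zero and lists the problems, so it can gate an upgrade job in deployments that do not use the installer.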

I’d love to see this configurable. In order to properly run the encrypting migration, the option should still be mandatory.

Also, it would have been nice to have a Discourse discussion about that feature to get more community buy-in on the implementation. On the other hand, I remember we discussed this feature a lot in other channels, and I’m unsure what amount of extra effort to open up the decisions is appropriate.

Sorry, we are on the verge of breaking your installation here.