From 41c108e063d12c5cc23c80d01138a012e9d22010 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Thu, 14 Jan 2021 10:31:17 +0000 Subject: [PATCH] commit 4de260c3579987a6577d2787def54b24940870d1 Author: Robert Kaussow Date: Thu Jan 14 11:26:06 2021 +0100 add option DRONE_DATABASE_SECRET to enable secrets encryption in db --- index.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/index.md b/index.md index 4b1550f..9a4521a 100644 --- a/index.md +++ b/index.md @@ -13,6 +13,7 @@ Setup [Drone CI](https://drone.io/) base server. Drone is a Continuous Delivery * [droneci_db_name](#droneci_db_name) * [droneci_db_password](#droneci_db_password) * [droneci_db_port](#droneci_db_port) + * [droneci_db_secret](#droneci_db_secret) * [droneci_db_server](#droneci_db_server) * [droneci_db_ssl_mode](#droneci_db_ssl_mode) * [droneci_db_type](#droneci_db_type) @@ -91,6 +92,22 @@ droneci_db_password: secure droneci_db_port: 5432 ``` +### droneci_db_secret + +Drone supports aesgcm encryption of secrets stored in the database. You must enable encryption before any secrets are stored in the database! You can generate an encryption key with e.g. `openssl rand -hex 16`. + +#### Default value + +```YAML +droneci_db_secret: _unset_ +``` + +#### Example usage + +```YAML +droneci_db_secret: 0c549fd39ae397333761d2cb0c53c219 +``` + ### droneci_db_server #### Default value