feat(docker): add encryption key generation for integration secrets (#1202)

* feat(docker): add encryption key generation for integration secrets

* chore: address pull request feedback

* fix: build failing

* fix: docker build fails because of error when encryption key not defined

scripts/generateEncryptionKey.js

@@ -0,0 +1,7 @@
+// This script generates a random encryption key
+// This key is used to encrypt and decrypt the integration secrets
+// In production it is generated in run.sh and stored in the environment variable ENCRYPTION_KEY
+// during runtime, it's also stored in a file.
+
+const crypto = require("crypto");
+console.log(crypto.randomBytes(32).toString("hex"));

scripts/run.sh

@@ -6,6 +6,19 @@ else
     node ./db/migrations/$DB_DIALECT/migrate.cjs ./db/migrations/$DB_DIALECT
 fi
 
+# Generates an encryption key if it doesn't exist and saves it to /secrets/encryptionKey
+# Also sets the ENCRYPTION_KEY environment variable
+encryptionKey=""
+if [ -r /secrets/encryptionKey ]; then
+    echo "Encryption key already exists"
+    encryptionKey=$(cat /secrets/encryptionKey)
+else
+    echo "Generating encryption key"
+    encryptionKey=$(node ./generateEncryptionKey.js)
+    echo $encryptionKey > /secrets/encryptionKey
+fi
+export ENCRYPTION_KEY=$encryptionKey
+
 # Start nginx proxy
 # 1. Replace the HOSTNAME in the nginx template file
 # 2. Create the nginx configuration file from the template