FEATURE: Add setting for encryption key

With this the encryption key can be defined in a setting. When defined it is not received from cache anymore. Resolves: neos#3425
christophlehmann · Dec 22, 2024 · 209032e · 209032e
1 parent 70f54fd
commit 209032e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/Neos.Flow/Classes/Security/Cryptography/HashService.php b/Neos.Flow/Classes/Security/Cryptography/HashService.php
@@ -63,6 +63,9 @@ class HashService
     public function injectSettings(array $settings)
     {
         $this->strategySettings = $settings['security']['cryptography']['hashingStrategies'];
+        if (!empty($settings['security']['cryptography']['encryptionKey'])) {
+            $this->encryptionKey = $settings['security']['cryptography']['encryptionKey'];
+        }
     }
 
     /**

diff --git a/Neos.Flow/Configuration/Settings.Security.yaml b/Neos.Flow/Configuration/Settings.Security.yaml
@@ -98,6 +98,10 @@ Neos:
 
       cryptography:
 
+        # A private, unique key used for encryption tasks. Normally 40 characters long and received from a persistent
+        # filesystem cache. If set to a non-empty string, the cache is not involved anymore.
+        encryptionKey: ''
+
         hashingStrategies:
 
           # The default strategy will be used to hash or validate passwords if no specific strategy is given

diff --git a/Neos.Flow/Resources/Private/Schema/Settings/Neos.Flow.security.schema.yaml b/Neos.Flow/Resources/Private/Schema/Settings/Neos.Flow.security.schema.yaml
@@ -74,6 +74,8 @@ properties:
     additionalProperties: false
     required: true
     properties:
+      'encryptionKey': { type: string, required: true }
+
       'hashingStrategies':
         type: dictionary
         additionalProperties: { type: string, format: class-name }