FEATURE: Add setting for encryption key

With this the encryption key can be defined in a setting. When defined it is not received from cache anymore. Resolves: neos#3425
christophlehmann · Dec 21, 2024 · f26ad1a · f26ad1a
1 parent 70f54fd
commit f26ad1a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/Neos.Flow/Classes/Security/Cryptography/HashService.php b/Neos.Flow/Classes/Security/Cryptography/HashService.php
@@ -63,6 +63,9 @@ class HashService
     public function injectSettings(array $settings)
     {
         $this->strategySettings = $settings['security']['cryptography']['hashingStrategies'];
+        if (!empty($settings['security']['cryptography']['encryptionKey'])) {
+            $this->encryptionKey = $settings['security']['cryptography']['encryptionKey'];
+        }
     }
 
     /**

diff --git a/Neos.Flow/Configuration/Settings.Security.yaml b/Neos.Flow/Configuration/Settings.Security.yaml
@@ -98,6 +98,10 @@ Neos:
 
       cryptography:
 
+        # A private, unique key used for encryption tasks. Normally 40 characters long and received from a persistent
+        # filesystem cache. If set to a non-empty string, the cache is not involved anymore.
+        encryptionKey: ''
+
         hashingStrategies:
 
           # The default strategy will be used to hash or validate passwords if no specific strategy is given