From 5c3d797549c7d199ab8333a6adca179c5253092f Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Fri, 1 Nov 2024 16:30:49 +1100
Subject: [PATCH] update puma configuration with active record encryption
 environment vars

---
 config/deploy/production/puma.yaml.erb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/config/deploy/production/puma.yaml.erb b/config/deploy/production/puma.yaml.erb
index 076a37e..20e34d8 100644
--- a/config/deploy/production/puma.yaml.erb
+++ b/config/deploy/production/puma.yaml.erb
@@ -124,6 +124,21 @@ spec:
               secretKeyRef:
                 name: production
                 key: github_private_key
+          - name: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
+            valueFrom:
+              secretKeyRef:
+                name: production
+                key: active_record_encryption_primary_key
+          - name: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
+            valueFrom:
+              secretKeyRef:
+                name: production
+                key: active_record_encryption_deterministic_key
+          - name: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
+            valueFrom:
+              secretKeyRef:
+                name: production
+                key: active_record_encryption_key_derivation_salt
         securityContext:
           privileged: false
         lifecycle: