Skip to content

Make RSA key length explicit #928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
benbz wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Make RSA key length explicit #928

benbz wants to merge 2 commits into from
+17 −14

Conversation

@benbz
Copy link
Member

@benbz benbz commented Dec 8, 2025

Builds on top of #927 as all the secrets types weren't documented beforehand

@benbz benbz requested a review from a team as a code owner December 8, 2025 14:41
@github-actions
Copy link

github-actions bot commented Dec 8, 2025
edited
Loading

dyff of changes in rendered templates of CI manifests

Full contents of manifests and dyffs are available in https://github.com/element-hq/ess-helm/actions/runs/20330742135/artifacts/4909090851

example-default-enabled-components-checkov-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
example-default-enabled-components-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
matrix-authentication-service-checkov-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
matrix-authentication-service-external-synapse-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
matrix-authentication-service-minimal-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
pytest-matrix-authentication-service-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-certificates-pg-external-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-certificates-pg-with-helm-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-external-cert-pg-external-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-external-cert-pg-with-helm-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-letsencrypt-pg-external-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-letsencrypt-pg-with-helm-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-wildcard-cert-pg-external-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
quick-setup-wildcard-cert-pg-with-helm-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:ELEMENT_CALL_LIVEKIT_SECRET:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
well-known-mas-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
well-known-synapse-mas-values.yaml 
@@ Job/ess-ci/release-name-init-secrets - spec.template.spec.containers.init-secrets.args @@
- - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"
+   - "release-name-generated:POSTGRES_SYNAPSE_PASSWORD:rand32,release-name-generated:POSTGRES_MATRIX_AUTHENTICATION_SERVICE_PASSWORD:rand32,release-name-generated:POSTGRES_ADMIN_PASSWORD:rand32,release-name-generated:SYNAPSE_MACAROON:rand32,release-name-generated:SYNAPSE_REGISTRATION_SHARED_SECRET:rand32,release-name-generated:SYNAPSE_SIGNING_KEY:signingkey,release-name-generated:MAS_SYNAPSE_SHARED_SECRET:rand32,release-name-generated:MAS_ENCRYPTION_SECRET:hex32,release-name-generated:MAS_RSA_PRIVATE_KEY:rsa4096,release-name-generated:MAS_ECDSA_PRIME256V1_PRIVATE_KEY:ecdsaprime256v1"

Base automatically changed from bbz/remove-unused-key-generation-types to main December 12, 2025 08:17
@benbz benbz force-pushed the bbz/make-rsa-length-explicit branch from c5827f0 to 72915f5 Compare December 12, 2025 10:20
@benbz benbz force-pushed the bbz/make-rsa-length-explicit branch from 72915f5 to a822ba6 Compare December 18, 2025 08:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gaelgatelement gaelgatelement gaelgatelement approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benbz @gaelgatelement