fix: Make encryption step optional

adskyiproger · adskyiproger · commit 81347cb38b4e · 2025-10-29T18:06:41.000+02:00
diff --git a/infrastructure/environments/setup-environment.ts b/infrastructure/environments/setup-environment.ts
@@ -386,7 +386,7 @@ const countryQuestions = [
   }
 ]
 
-const infrastructureQuestions = [
+const diskQuestions = [
   {
     name: 'diskSpace',
     type: 'text' as const,
@@ -397,8 +397,10 @@ const infrastructureQuestions = [
     validate: notEmpty,
     valueLabel: 'DISK_SPACE',
     initial: process.env.DISK_SPACE || '200g',
-    scope: 'ENVIRONMENT' as const
+    scope: 'ENVIRONMENT' as const,
   },
+]
+const infrastructureQuestions = [
   {
     name: 'domain',
     type: 'text' as const,
@@ -887,7 +889,7 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
     ...existingRepositoryVariable,
     ...existingEnvironmentSecrets
   ]
-
+  var enableEncryption = true
   if (
     existingEnvironmentVariables.length > 0 ||
     existingEnvironmentSecrets.length > 0
@@ -967,7 +969,31 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
       )
     }
   } else {
-    log('\n', kleur.bold().underline('Server setup'))
+    log('\n', kleur.bold().underline('Server setup'), '\n')
+    const encryption_key_defined = findExistingValue(
+            'ENCRYPTION_KEY',
+            'SECRET',
+            'ENVIRONMENT',
+            existingValues
+    )
+
+    if (!encryption_key_defined) {
+        const answers_enable_encryption = await prompts(
+          [
+            {
+              name: 'enableEncryption',
+              type: 'confirm' as const,
+              message: 'Do you want to enable disk encryption?',
+              scope: 'ENVIRONMENT' as const,
+              initial: Boolean(process.env.ENABLE_ENCRYPTION)
+            }
+          ].map(questionToPrompt)
+        )
+        enableEncryption = answers_enable_encryption.enableEncryption
+    }
+    if (enableEncryption) {
+      await promptAndStoreAnswer(environment, diskQuestions, existingValues)
+    }
     const { domain } = await promptAndStoreAnswer(
       environment,
       infrastructureQuestions,
@@ -1101,6 +1127,26 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
     }
   ]
 
+    if (enableEncryption){
+    derivedUpdates.push({
+      name: 'ENCRYPTION_KEY',
+      type: 'SECRET' as const,
+      didExist: findExistingValue(
+        'ENCRYPTION_KEY',
+        'SECRET',
+        'ENVIRONMENT',
+        existingValues
+      ),
+      value: findExistingOrDefine(
+        'ENCRYPTION_KEY',
+        'SECRET',
+        'ENVIRONMENT',
+        generateLongPassword()
+      ),
+      scope: 'ENVIRONMENT' as const
+    })
+  }
+
   if (['production', 'staging'].includes(environment)) {
     derivedUpdates.push({
       name: 'BACKUP_ENCRYPTION_PASSPHRASE',
@@ -1275,23 +1321,6 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
       ),
       scope: 'ENVIRONMENT' as const
     },
-    {
-      name: 'ENCRYPTION_KEY',
-      type: 'SECRET' as const,
-      didExist: findExistingValue(
-        'ENCRYPTION_KEY',
-        'SECRET',
-        'ENVIRONMENT',
-        existingValues
-      ),
-      value: findExistingOrDefine(
-        'ENCRYPTION_KEY',
-        'SECRET',
-        'ENVIRONMENT',
-        generateLongPassword()
-      ),
-      scope: 'ENVIRONMENT' as const
-    },
     {
       type: 'VARIABLE' as const,
       name: 'ACTIVATE_USERS',
