Merge pull request #1123 from opencrvs/ocrvs-10896

fix: Make encryption step optional

Author: adskyiproger

CHANGELOG.md

@@ -6,6 +6,10 @@
 
 - **Remove Unused Scopes**: Removed `RECORD_PRINT_RECORDS_SUPPORTING_DOCUMENTS` and `RECORD_EXPORT_RECORDS` scopes from `REGISTRATION_AGENT`, `LOCAL_REGISTRAR` and `NATIONAL_REGISTRAR`
 
+### Improvements
+
+- Make encryption step optional [#1123](https://github.com/opencrvs/opencrvs-countryconfig/pull/1123)
+
 ## 1.9.0
 
 ### New features

infrastructure/environments/setup-environment.ts

@@ -386,7 +386,7 @@ const countryQuestions = [
   }
 ]
 
-const infrastructureQuestions = [
+const diskQuestions = [
   {
     name: 'diskSpace',
     type: 'text' as const,
@@ -397,8 +397,10 @@ const infrastructureQuestions = [
     validate: notEmpty,
     valueLabel: 'DISK_SPACE',
     initial: process.env.DISK_SPACE || '200g',
-    scope: 'ENVIRONMENT' as const
+    scope: 'ENVIRONMENT' as const,
   },
+]
+const infrastructureQuestions = [
   {
     name: 'domain',
     type: 'text' as const,
@@ -780,6 +782,7 @@ ALL_QUESTIONS.push(
   ...dockerhubQuestions,
   ...sshQuestions,
   ...sshKeyQuestions,
+  ...diskQuestions,
   ...infrastructureQuestions,
   ...countryQuestions,
   ...databaseAndMonitoringQuestions,
@@ -887,7 +890,7 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
     ...existingRepositoryVariable,
     ...existingEnvironmentSecrets
   ]
-
+  let enableEncryption = true
   if (
     existingEnvironmentVariables.length > 0 ||
     existingEnvironmentSecrets.length > 0
@@ -967,7 +970,32 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
       )
     }
   } else {
-    log('\n', kleur.bold().underline('Server setup'))
+    log('\n', kleur.bold().underline('Server setup'), '\n')
+    const encryption_key_defined = findExistingValue(
+            'ENCRYPTION_KEY',
+            'SECRET',
+            'ENVIRONMENT',
+            existingValues
+    )
+
+    if (!encryption_key_defined) {
+        const answers_enable_encryption = await prompts(
+          [
+            {
+              name: 'enableEncryption',
+              type: 'confirm' as const,
+              message: 'Do you want to enable disk encryption?',
+              scope: 'ENVIRONMENT' as const,
+              initial: Boolean(process.env.ENABLE_ENCRYPTION)
+            }
+          ].map(questionToPrompt)
+        )
+        enableEncryption = answers_enable_encryption.enableEncryption
+    }
+    if (enableEncryption) {
+      console.log('\n', kleur.bold().green('✔'), kleur.bold().yellow(' Disk encryption is enabled'))
+      await promptAndStoreAnswer(environment, diskQuestions, existingValues)
+    }
     const { domain } = await promptAndStoreAnswer(
       environment,
       infrastructureQuestions,
@@ -1101,6 +1129,26 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
     }
   ]
 
+  if (enableEncryption){
+    derivedUpdates.push({
+      name: 'ENCRYPTION_KEY',
+      type: 'SECRET' as const,
+      didExist: findExistingValue(
+        'ENCRYPTION_KEY',
+        'SECRET',
+        'ENVIRONMENT',
+        existingValues
+      ),
+      value: findExistingOrDefine(
+        'ENCRYPTION_KEY',
+        'SECRET',
+        'ENVIRONMENT',
+        generateLongPassword()
+      ),
+      scope: 'ENVIRONMENT' as const
+    })
+  }
+
   if (['production', 'staging'].includes(environment)) {
     derivedUpdates.push({
       name: 'BACKUP_ENCRYPTION_PASSPHRASE',
@@ -1275,23 +1323,6 @@ const SPECIAL_NON_APPLICATION_ENVIRONMENTS = ['jump', 'backup']
       ),
       scope: 'ENVIRONMENT' as const
     },
-    {
-      name: 'ENCRYPTION_KEY',
-      type: 'SECRET' as const,
-      didExist: findExistingValue(
-        'ENCRYPTION_KEY',
-        'SECRET',
-        'ENVIRONMENT',
-        existingValues
-      ),
-      value: findExistingOrDefine(
-        'ENCRYPTION_KEY',
-        'SECRET',
-        'ENVIRONMENT',
-        generateLongPassword()
-      ),
-      scope: 'ENVIRONMENT' as const
-    },
     {
       type: 'VARIABLE' as const,
       name: 'ACTIVATE_USERS',