fix: Make encryption step optional #1123
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment has been minimized.
This comment has been minimized.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Greptile Overview
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| infrastructure/environments/setup-environment.ts | 3/5 | Makes disk encryption optional but breaks mandatory variable check in Ansible playbook (encrypted_disk_size always required) |
1 file reviewed, 3 comments
Comment on lines
+980
to
+993
| if (!encryption_key_defined) { | ||
| const answers_enable_encryption = await prompts( | ||
| [ | ||
| { | ||
| name: 'enableEncryption', | ||
| type: 'confirm' as const, | ||
| message: 'Do you want to enable disk encryption?', | ||
| scope: 'ENVIRONMENT' as const, | ||
| initial: Boolean(process.env.ENABLE_ENCRYPTION) | ||
| } | ||
| ].map(questionToPrompt) | ||
| ) | ||
| enableEncryption = answers_enable_encryption.enableEncryption |
Contributor
There was a problem hiding this comment.
logic: If ENCRYPTION_KEY already exists, enableEncryption stays true but the user is never asked about disk space. This means encryption mode is inferred from the existence of ENCRYPTION_KEY rather than being explicitly controlled. Consider checking for both ENCRYPTION_KEY and DISK_SPACE to determine if encryption was previously enabled, or prompt the user for clarity.
adskyiproger
force-pushed
the
ocrvs-10896
branch
from
81347cb to
4702a05
Compare
adskyiproger
force-pushed
the
ocrvs-10896
branch
from
4702a05 to
5615479
Compare
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
cibelius
approved these changes
Oct 31, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note
Currently, we do not run e2e tests as a check on
opencrvs-countryconfig-repo PRs. Please ensure your PR doesn't break any e2e tests.One method for doing this is to open a PR with these changes to
opencrvs-farajalandas well, and see if the PR check passes there.Description
Goal of this PR is to allow users choose if they wish to go with Encrypted file system or not
Testing
Answer no choosen
Disk size question was not asked:
Encryption key was not stored into Github:
Disk size was not stored into GitHub:
Answer yes choosen
Disk size question was asked:
Variable was created:
Re-run script when both encryption key and disk size are setup
Encryption key passed from Environment variables
Checklist