-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support Litestream age encryption #8526
Conversation
WalkthroughWalkthroughThe recent updates enhance security and streamline the setup for self-hosted NocoDB instances. New environment variables for encrypting Litestream replication using age encryption or SSH keys have been introduced. The Dockerfile now includes Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Out of diff range and nitpick comments (1)
packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1)
Line range hint
25-25
: Correct the unpaired symbol in the list of special characters forNC_ADMIN_PASSWORD
.- Allowed special characters include `$&+,:;=?@#\|'.^*()%!_-"`. + Allowed special characters include `$&+,:;=?@#\\|'.^*()%!_-"`.
Review Details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (3)
- packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1 hunks)
- packages/nocodb/Dockerfile (1 hunks)
- packages/nocodb/docker/start-litestream.sh (1 hunks)
Files skipped from review due to trivial changes (1)
- packages/nocodb/Dockerfile
Additional Context Used
LanguageTool (1)
packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1)
Near line 25: Unpaired symbol: ‘'’ seems to be missing
Context: ...ter. Allowed special characters include$&+,:;=?@#\|'.^*()%!_-"
. | | |PORT
| Network port...
Additional comments not posted (5)
packages/nocodb/docker/start-litestream.sh (4)
16-17
: Ensure that the updated environment variable names are reflected in all relevant parts of the system.
25-34
: The implementation for enabling age encryption in the Litestream configuration is correct. However, ensure that thedasel
command is properly tested in the deployment environment as it relies on external tooling.
36-36
: The steps for handling the local database (removal of leftovers, restoration, creation of an empty file, and starting replication) are well-implemented. Ensure that these operations are atomic and handle potential race conditions, especially in a cloud environment.Also applies to: 43-43, 46-46, 51-51
55-55
: Starting NocoDB after Litestream setup is a logical step. Ensure that error handling is robust, especially for startup failures.packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1)
81-82
: The documentation for the new Litestream age encryption environment variables is clear and informative. Ensure that the links to external documentation are kept up-to-date to avoid confusion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review Details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (2)
- packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1 hunks)
- packages/nocodb/docker/start-litestream.sh (2 hunks)
Files skipped from review as they are similar to previous changes (1)
- packages/nocodb/docker/start-litestream.sh
Additional Context Used
LanguageTool (1)
packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1)
Near line 25: Unpaired symbol: ‘'’ seems to be missing
Context: ...ter. Allowed special characters include$&+,:;=?@#\|'.^*()%!_-"
. | | |PORT
| Network port...
Additional comments not posted (1)
packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md (1)
81-82
: Excellent addition of environment variables for Litestream age encryption.The documentation clearly explains the purpose and usage of
LITESTREAM_AGE_PUBLIC_KEY
andLITESTREAM_AGE_SECRET_KEY
. This will help users in configuring age encryption effectively.
Change Summary
Follow-up to #8494 that allows users to opt in to Litestream's integrated age encryption by simply setting the environment variables
LITESTREAM_AGE_PUBLIC_KEY
andLITESTREAM_AGE_SECRET_KEY
.Additionally, the second commit fixes variable names to match the documentation.
Change type
Test/ Verification
Successfully tested in own cloud deployment.
Additional information / screenshots (optional)
The CLI tool dasel is used to query and update the Litestream YAML config file before Litestream is started. This should be a robust solution that doesn't interfere should users still want to use a custom container build replacing the default
litestream.yaml
config for some reason.