From 52bc33115d1dc0c544244aa008cb0f2c356531d1 Mon Sep 17 00:00:00 2001
From: Matt Jankowski <matt@jankowski.online>
Date: Tue, 15 Oct 2024 10:14:17 -0400
Subject: [PATCH] Add mention of encryption secrets to production sample
 (#32512)

---
 .env.production.sample | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.env.production.sample b/.env.production.sample
index 0b458a1aa9..87ea031c4c 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -45,6 +45,16 @@ ES_PASS=password
 SECRET_KEY_BASE=
 OTP_SECRET=
 
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# ------------------
+# ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
+# ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
+# ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+
 # Web Push
 # --------
 # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`