Allow whitespace and comments in db key file

fixes #4542
pulp · Oct 17, 2023 · 8681553 · 8681553
1 parent 462d736
commit 8681553
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/CHANGES/4542.feature b/CHANGES/4542.feature
@@ -0,0 +1 @@
+Parsing of the db encryption key was made resiliant to whitespace and to allow comments.
diff --git a/pulpcore/app/models/fields.py b/pulpcore/app/models/fields.py
@@ -1,17 +1,15 @@
 import json
 import logging
 import os
-from gettext import gettext as _
 from functools import lru_cache
+from gettext import gettext as _
 
 from cryptography.fernet import Fernet, MultiFernet
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
-from django.db.models import Lookup, FileField, JSONField
+from django.db.models import FileField, JSONField, Lookup
 from django.db.models.fields import Field, TextField
 from django.utils.encoding import force_bytes, force_str
-
-
 from pulpcore.app.files import TemporaryDownloadedFile
 from pulpcore.app.loggers import deprecation_logger
 
@@ -23,7 +21,13 @@ def _fernet():
     # Cache the enryption keys once per application.
     _logger.debug(f"Loading encryption key from {settings.DB_ENCRYPTION_KEY}")
     with open(settings.DB_ENCRYPTION_KEY, "rb") as key_file:
-        return MultiFernet([Fernet(key) for key in key_file.readlines()])
+        return MultiFernet(
+            [
+                Fernet(key.strip())
+                for key in key_file.readlines()
+                if not key.startswith(b"#") and key.strip() != b""
+            ]
+        )
 
 
 class ArtifactFileField(FileField):