feat: generate secret function and replaced few instances (#7810)

This PR fixes #4588

---------

Co-authored-by: Félix Malfait <felix@twenty.com>
Co-authored-by: Charles Bochet <charles@twenty.com>

packages/twenty-docker/.env.example

@@ -8,10 +8,7 @@ REDIS_URL=redis://redis:6379
 SERVER_URL=http://localhost:3000
 
 # Use openssl rand -base64 32 for each secret
-# ACCESS_TOKEN_SECRET=replace_me_with_a_random_string_access
-# LOGIN_TOKEN_SECRET=replace_me_with_a_random_string_login
-# REFRESH_TOKEN_SECRET=replace_me_with_a_random_string_refresh
-# FILE_TOKEN_SECRET=replace_me_with_a_random_string_refresh
+# APP_SECRET=replace_me_with_a_random_string
 
 SIGN_IN_PREFILLED=true
 

packages/twenty-docker/docker-compose.yml

@@ -35,10 +35,7 @@ services:
       STORAGE_S3_NAME: ${STORAGE_S3_NAME}
       STORAGE_S3_ENDPOINT: ${STORAGE_S3_ENDPOINT}
 
-      ACCESS_TOKEN_SECRET: ${ACCESS_TOKEN_SECRET}
-      LOGIN_TOKEN_SECRET: ${LOGIN_TOKEN_SECRET}
-      REFRESH_TOKEN_SECRET: ${REFRESH_TOKEN_SECRET}
-      FILE_TOKEN_SECRET: ${FILE_TOKEN_SECRET}
+      APP_SECRET: ${APP_SECRET}
     depends_on:
       change-vol-ownership:
         condition: service_completed_successfully
@@ -67,10 +64,7 @@ services:
       STORAGE_S3_NAME: ${STORAGE_S3_NAME}
       STORAGE_S3_ENDPOINT: ${STORAGE_S3_ENDPOINT}
 
-      ACCESS_TOKEN_SECRET: ${ACCESS_TOKEN_SECRET}
-      LOGIN_TOKEN_SECRET: ${LOGIN_TOKEN_SECRET}
-      REFRESH_TOKEN_SECRET: ${REFRESH_TOKEN_SECRET}
-      FILE_TOKEN_SECRET: ${FILE_TOKEN_SECRET}
+      APP_SECRET: ${APP_SECRET}
     depends_on:
       db:
         condition: service_healthy

packages/twenty-docker/k8s/manifests/deployment-server.yaml

@@ -55,26 +55,11 @@ spec:
               value: "7d"
             - name: "LOGIN_TOKEN_EXPIRES_IN"
               value: "1h"
-            - name: ACCESS_TOKEN_SECRET
+            - name: APP_SECRET
               valueFrom:
                 secretKeyRef:
                   name: tokens
                   key: accessToken
-            - name: LOGIN_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tokens
-                  key: loginToken
-            - name: REFRESH_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tokens
-                  key: refreshToken
-            - name: FILE_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tokens
-                  key: fileToken
           ports:
             - containerPort: 3000
               name: http-tcp

packages/twenty-docker/k8s/manifests/deployment-worker.yaml

@@ -42,26 +42,11 @@ spec:
               value: "redis"
             - name: "REDIS_URL"
               value: "redis://twentycrm-redis.twentycrm.svc.cluster.local:6379"
-            - name: ACCESS_TOKEN_SECRET
+            - name: APP_SECRET
               valueFrom:
                 secretKeyRef:
                   name: tokens
                   key: accessToken
-            - name: LOGIN_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tokens
-                  key: loginToken
-            - name: REFRESH_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tokens
-                  key: refreshToken
-            - name: FILE_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: tokens
-                  key: fileToken
           command:
             - yarn
             - worker:prod

packages/twenty-docker/k8s/terraform/deployment-server.tf

@@ -91,7 +91,7 @@ resource "kubernetes_deployment" "twentycrm_server" {
             value = "1h"
           }
           env {
-            name = "ACCESS_TOKEN_SECRET"
+            name = "APP_SECRET"
             value_from {
               secret_key_ref {
                 name = "tokens"
@@ -100,36 +100,6 @@ resource "kubernetes_deployment" "twentycrm_server" {
             }
           }
 
-          env {
-            name = "LOGIN_TOKEN_SECRET"
-            value_from {
-              secret_key_ref {
-                name = "tokens"
-                key  = "loginToken"
-              }
-            }
-          }
-
-          env {
-            name = "REFRESH_TOKEN_SECRET"
-            value_from {
-              secret_key_ref {
-                name = "tokens"
-                key  = "refreshToken"
-              }
-            }
-          }
-
-          env {
-            name = "FILE_TOKEN_SECRET"
-            value_from {
-              secret_key_ref {
-                name = "tokens"
-                key  = "fileToken"
-              }
-            }
-          }
-
           port {
             container_port = 3000
             protocol       = "TCP"

packages/twenty-docker/k8s/terraform/deployment-worker.tf

@@ -78,7 +78,7 @@ resource "kubernetes_deployment" "twentycrm_worker" {
           }
 
           env {
-            name = "ACCESS_TOKEN_SECRET"
+            name = "APP_SECRET"
             value_from {
               secret_key_ref {
                 name = "tokens"
@@ -87,36 +87,6 @@ resource "kubernetes_deployment" "twentycrm_worker" {
             }
           }
 
-          env {
-            name = "LOGIN_TOKEN_SECRET"
-            value_from {
-              secret_key_ref {
-                name = "tokens"
-                key  = "loginToken"
-              }
-            }
-          }
-
-          env {
-            name = "REFRESH_TOKEN_SECRET"
-            value_from {
-              secret_key_ref {
-                name = "tokens"
-                key  = "refreshToken"
-              }
-            }
-          }
-
-          env {
-            name = "FILE_TOKEN_SECRET"
-            value_from {
-              secret_key_ref {
-                name = "tokens"
-                key  = "fileToken"
-              }
-            }
-          }
-
           resources {
             requests = {
               cpu    = "250m"