You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed by chance that the gem doesn't read the :otp_secret_encryption_key configuration anymore.
$ rg otp_secret_encryption_key -C 3 lib/
lib/devise-two-factor.rb
13- @@otp_allowed_drift = 30
14-
15- # The key used to encrypt OTP secrets in the database in legacy installs.
16: mattr_accessor :otp_secret_encryption_key
17: @@otp_secret_encryption_key = nil
18-
19- # These options are passed to the Rails 7+ encrypted attribute
20- mattr_accessor :otp_encrypted_attribute_options
lib/devise_two_factor/models/two_factor_authenticatable.rb
91- Devise::Models.config(self, :otp_secret_length,
92- :otp_allowed_drift,
93- :otp_encrypted_attribute_options,
94: :otp_secret_encryption_key)
95-
96- def generate_otp_secret(otp_secret_length = self.otp_secret_length)
97- ROTP::Base32.random_base32(otp_secret_length)
The only reason why it can't be removed at all is its usage in the legacy_otp_secret method from the upgrading guide. But when that method is removed during the clean up phase, it should be mentioned that the otp_secret_encryption_key attribute can now be removed as well. This would keep us from carrying unused secrets in our config.
The text was updated successfully, but these errors were encountered:
I noticed by chance that the gem doesn't read the
:otp_secret_encryption_key
configuration anymore.The only reason why it can't be removed at all is its usage in the
legacy_otp_secret
method from the upgrading guide. But when that method is removed during the clean up phase, it should be mentioned that theotp_secret_encryption_key
attribute can now be removed as well. This would keep us from carrying unused secrets in our config.The text was updated successfully, but these errors were encountered: