From 4331f008f03063b4ae22a1e3ed3a56a163338a75 Mon Sep 17 00:00:00 2001
From: thespad <git@spad.co.uk>
Date: Sat, 25 May 2024 21:01:17 +0100
Subject: [PATCH 1/2] Add ARE envs to readme

---
 README.md       | 9 +++++++++
 readme-vars.yml | 3 +++
 2 files changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 3d7b159..28a0dde 100644
--- a/README.md
+++ b/README.md
@@ -129,6 +129,9 @@ services:
       - DB_PASS=mastodon
       - DB_PORT=5432
       - ES_ENABLED=false
+      - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+      - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
+      - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
       - SECRET_KEY_BASE=
       - OTP_SECRET=
       - VAPID_PRIVATE_KEY=
@@ -179,6 +182,9 @@ docker run -d \
   -e DB_PASS=mastodon \
   -e DB_PORT=5432 \
   -e ES_ENABLED=false \
+  -e ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= \
+  -e ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= \
+  -e ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= \
   -e SECRET_KEY_BASE= \
   -e OTP_SECRET= \
   -e VAPID_PRIVATE_KEY= \
@@ -231,6 +237,9 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e DB_PASS=mastodon` | Postgres password |
 | `-e DB_PORT=5432` | Portgres port |
 | `-e ES_ENABLED=false` | Enable or disable Elasticsearch (requires a separate ES instance) |
+| `-e ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=` | Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). |
+| `-e ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=` | Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). |
+| `-e ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=` | Derivation salt for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files). |
 | `-e SECRET_KEY_BASE=` | Browser session secret. Changing it will break all active browser sessions. |
 | `-e OTP_SECRET=` | MFA secret. Changing it will break two-factor authentication. |
 | `-e VAPID_PRIVATE_KEY=` | Push notification private key. Changing it will break push notifications. |
diff --git a/readme-vars.yml b/readme-vars.yml
index e7bd0e7..ea54f56 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -36,6 +36,9 @@ param_env_vars:
   - { env_var: "DB_PASS", env_value: "mastodon", desc: "Postgres password"}
   - { env_var: "DB_PORT", env_value: "5432", desc: "Portgres port"}
   - { env_var: "ES_ENABLED", env_value: "false", desc: "Enable or disable Elasticsearch (requires a separate ES instance)"}
+  - { env_var: "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY", env_value: "", desc: "Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."}
+  - { env_var: "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY", env_value: "", desc: "Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."}
+  - { env_var: "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT", env_value: "", desc: "Derivation salt for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."}
   - { env_var: "SECRET_KEY_BASE", env_value: "", desc: "Browser session secret. Changing it will break all active browser sessions."}
   - { env_var: "OTP_SECRET", env_value: "", desc: "MFA secret. Changing it will break two-factor authentication."}
   - { env_var: "VAPID_PRIVATE_KEY", env_value: "", desc: "Push notification private key. Changing it will break push notifications."}

From c3c04020c0e635a5d2c642a3a835cbac9dfc0ea0 Mon Sep 17 00:00:00 2001
From: thespad <git@spad.co.uk>
Date: Sat, 25 May 2024 21:11:05 +0100
Subject: [PATCH 2/2] Fix postgres typo

---
 readme-vars.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme-vars.yml b/readme-vars.yml
index ea54f56..8b44e8e 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -34,7 +34,7 @@ param_env_vars:
   - { env_var: "DB_USER", env_value: "mastodon", desc: "Postgres username"}
   - { env_var: "DB_NAME", env_value: "mastodon", desc: "Postgres db name"}
   - { env_var: "DB_PASS", env_value: "mastodon", desc: "Postgres password"}
-  - { env_var: "DB_PORT", env_value: "5432", desc: "Portgres port"}
+  - { env_var: "DB_PORT", env_value: "5432", desc: "Postgres port"}
   - { env_var: "ES_ENABLED", env_value: "false", desc: "Enable or disable Elasticsearch (requires a separate ES instance)"}
   - { env_var: "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY", env_value: "", desc: "Primary key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."}
   - { env_var: "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY", env_value: "", desc: "Deterministic key for [Active Record Encryption](https://github.com/mastodon/mastodon/pull/29831/files)."}