vcs.fsf.org Git - civicrm-core.git/commit

author	Tim Otten <totten@civicrm.org>
	Fri, 15 Apr 2022 06:50:51 +0000 (23:50 -0700)
committer	Tim Otten <totten@civicrm.org>
	Fri, 15 Apr 2022 07:06:49 +0000 (00:06 -0700)
commit	81e3a0d7ed7a8e7b3fecfa752ca5e1b9af80dc90
tree	c729d3f41e572bb16d82bc6a6d1be23484d09084	tree \| snapshot (zip tar.gz)
parent	2d8aa03ea5aea744056f893ecb460eff4dd98b8f	commit \| diff

Overview
--------

The setting `CIVICRM_SIGN_KEYS` was introduced circa 5.36.  However, it is
defined in `civicrm.settings.php`, which makes it difficult to reliably
configure in an automated upgrade.  Consequently, some sites may not have
this setting, and we must rely on the sysadmin to provide it.

The setting is required for the `crypto.jwt` API (which in turn is used by
some core extensions, like `authx` and `afform`).

Before
------

There is a pre-upgrade message when somebody passes through v5.36.

If you missed the message in 5.36, then you would be unaware of the missing
setting (until you hit some failure because you use some new/update
code-path that relies on it).

After
-----

There is a system status-check.  If you don't have `CIVICRM_SIGN_KEYS`, then
it will show a link to https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/.