(dev/core#2258) CryptoRegistry - Remove fallback option based on CIVICRM_SITE_KEY.
This was included under the expectation it might make a nicer upgrade. But
I don't think it buys a whole lot:
1. You run the upgrader. The SMTP password is converted from
rj256-ecb-sitekey to aes-cbc-sitekey. All other credentials are left
unencrypted. Afterward, you set CIVICRM_CRED_KEY and run the rekey.
2. You run upgrader. The SMTP password is decrypted. All other credentials
are left unencrypted. Afterward, you set CIVICRM_CRED_KEY and run the rekey.
Additionally, I think there's a question of risk-management when we get to
encrypting more things in the Setting and API layers. If we go with path 2,
then we can ramp-up adoption progressively, e.g.
* Release 1: Add support as non-default option
* Release 2: Enable by default on new builds
* Release 3: Display alert to existing sites that don't have encryption keys
projects / civicrm-core.git / commit