From 608b77a662e7114268741c89ae08f3f3c2f236c9 Mon Sep 17 00:00:00 2001
From: Jerry1098 <github.secluded554@passmail.com>
Date: Tue, 28 Apr 2026 06:29:10 +0200
Subject: [PATCH] Fix Dawarich Install/Update (#14078)

* [feat] adding envs

Add required envs to .env

https://github.com/Freika/dawarich/issues/2543

* Dawarich: add required envs to install script
---
 ct/dawarich.sh              | 10 +++++++++-
 install/dawarich-install.sh |  6 +++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/ct/dawarich.sh b/ct/dawarich.sh
index 3d1ca7e02..805a6c0a1 100644
--- a/ct/dawarich.sh
+++ b/ct/dawarich.sh
@@ -54,7 +54,15 @@ function update_script() {
     eval "$(/root/.rbenv/bin/rbenv init - bash)"
 
     if ! grep -q "OTP_ENCRYPTION_PRIMARY_KEY" /opt/dawarich/.env; then
-      echo "OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)" >>/opt/dawarich/.env
+      echo "OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 64)" >>/opt/dawarich/.env
+    fi
+
+    if ! grep -q "OTP_ENCRYPTION_DETERMINISTIC_KEY" /opt/dawarich/.env; then
+      echo "OTP_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 64)" >>/opt/dawarich/.env
+    fi
+
+    if ! grep -q "OTP_ENCRYPTION_KEY_DERIVATION_SALT" /opt/dawarich/.env; then
+      echo "OTP_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 64)" >>/opt/dawarich/.env
     fi
 
     set -a && source /opt/dawarich/.env && set +a
diff --git a/install/dawarich-install.sh b/install/dawarich-install.sh
index 34e58ded7..06a974735 100644
--- a/install/dawarich-install.sh
+++ b/install/dawarich-install.sh
@@ -46,12 +46,16 @@ msg_ok "Set up Directories"
 
 msg_info "Configuring Environment"
 SECRET_KEY_BASE=$(openssl rand -hex 64)
-OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)
+OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 64)
+OTP_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 64)
+OTP_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 64)
 RELEASE=$(get_latest_github_release "Freika/dawarich")
 cat <<EOF >/opt/dawarich/.env
 RAILS_ENV=production
 SECRET_KEY_BASE=${SECRET_KEY_BASE}
 OTP_ENCRYPTION_PRIMARY_KEY=${OTP_ENCRYPTION_PRIMARY_KEY}
+OTP_ENCRYPTION_DETERMINISTIC_KEY=${OTP_ENCRYPTION_DETERMINISTIC_KEY}
+OTP_ENCRYPTION_KEY_DERIVATION_SALT=${OTP_ENCRYPTION_KEY_DERIVATION_SALT}
 DATABASE_HOST=localhost
 DATABASE_USERNAME=${PG_DB_USER}
 DATABASE_PASSWORD=${PG_DB_PASS}