Drone supports aesgcm encryption of secrets stored in the database. You must enable encryption before any secrets are stored in the database.
-
Create an encryption key:
$ openssl rand -hex 16 0c549fd39ae397333761d2cb0c53c219 -
Provide the encryption key to the Drone server:
DRONE_DATABASE_SECRET=0c549fd39ae397333761d2cb0c53c219
Database encryption must be configured before secrets are added to the database. You cannot enable encryption if the secrets table has existing records.