diff --git a/docs/configuration.md b/docs/configuration.md
index b82d4e2f047d1aed391d8365ded45a8ed5176258..d837f7fdbe07817c80609d56172d44352504a33c 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -172,7 +172,7 @@ Obviously, you can't set repository or package file location with this method.
</tr>
<tr>
<td>`encrypted`</td>
- <td>A configuration object containing configuration encrypted with project key</td>
+ <td>A configuration object containing configuration encrypted with project key. Valid inside renovate.json only</td>
<td>json</td>
<td><pre>null</pre></td>
<td>`RENOVATE_ENCRYPTED`</td>
diff --git a/lib/config/decrypt.js b/lib/config/decrypt.js
index e0c3ae04dcca1ecd396d46f90b20a5c41152d1f8..58974097932c096b72a05317a97dc7231327199d 100644
--- a/lib/config/decrypt.js
+++ b/lib/config/decrypt.js
@@ -4,13 +4,9 @@ module.exports = {
decryptConfig,
};
-function decryptConfig(
- config,
- logger = config.logger,
- privateKey = config.privateKey
-) {
- const decryptedConfig = { ...config };
+function decryptConfig(config, logger, privateKey) {
logger.trace({ config }, 'decryptConfig');
+ const decryptedConfig = { ...config };
for (const key of Object.keys(config)) {
const val = config[key];
if (key === 'encrypted' && isObject(val)) {
diff --git a/lib/config/definitions.js b/lib/config/definitions.js
index c128f35a029458d71aec2856a2c97682af93bf0d..d552e64479bfcf729144d8a064839f3fe1873cd3 100644
--- a/lib/config/definitions.js
+++ b/lib/config/definitions.js
@@ -89,7 +89,7 @@ const options = [
{
name: 'encrypted',
description:
- 'A configuration object containing configuration encrypted with project key',
+ 'A configuration object containing configuration encrypted with project key. Valid inside renovate.json only',
stage: 'repository',
type: 'json',
default: null,
diff --git a/lib/workers/repository/apis.js b/lib/workers/repository/apis.js
index 05bcf1ac0dcb27467766e1f978be96825c614402..e1613883ca38d1dd14771449ad92ddbfdc50f89e 100644
--- a/lib/workers/repository/apis.js
+++ b/lib/workers/repository/apis.js
@@ -12,6 +12,8 @@ const githubPlatform = require('../../platform/github');
const gitlabPlatform = require('../../platform/gitlab');
const dockerResolve = require('../../manager/docker/resolve');
+const { decryptConfig } = require('../../config/decrypt');
+
module.exports = {
detectSemanticCommits,
checkMonorepos,
@@ -213,8 +215,13 @@ async function mergeRenovateJson(config, branchName) {
logger.debug({ config: renovateJson }, 'renovate.json config');
const migratedConfig = migrateAndValidate(config, renovateJson);
logger.debug({ config: migratedConfig }, 'renovate.json migrated config');
- const resolvedConfig = await presets.resolveConfigPresets(
+ const decryptedConfig = decryptConfig(
migratedConfig,
+ logger,
+ config.privateKey
+ );
+ const resolvedConfig = await presets.resolveConfigPresets(
+ decryptedConfig,
config.logger
);
logger.debug({ config: resolvedConfig }, 'renovate.json resolved config');
diff --git a/lib/workers/repository/index.js b/lib/workers/repository/index.js
index 7000cd3b83622739126f4f1c1e39dcd9094cf065..73d9b14079a36b14732a0a375a287335736c80fe 100644
--- a/lib/workers/repository/index.js
+++ b/lib/workers/repository/index.js
@@ -8,7 +8,6 @@ const apis = require('./apis');
const onboarding = require('./onboarding');
const upgrades = require('./upgrades');
const cleanup = require('./cleanup');
-const { decryptConfig } = require('../../config/decrypt');
module.exports = {
pinDependenciesFirst,
@@ -109,8 +108,6 @@ async function renovateRepository(repoConfig, token) {
logger.trace({ config }, 'post-packageFiles config');
// TODO: why is this fix needed?!
config.logger = logger;
- config = decryptConfig(config);
- logger.trace({ config }, 'post-decrypt config');
const allUpgrades = await upgrades.determineRepoUpgrades(config);
const res = await upgrades.branchifyUpgrades(allUpgrades, logger);
config.errors = config.errors.concat(res.errors);
diff --git a/test/config/decrypt.spec.js b/test/config/decrypt.spec.js
index 456f42bd378a3f79d1f698953a3b41ff72097c6e..62543105a9ef3ac00ccdde699be01f43b870237a 100644
--- a/test/config/decrypt.spec.js
+++ b/test/config/decrypt.spec.js
@@ -1,37 +1,36 @@
const { decryptConfig } = require('../../lib/config/decrypt.js');
-const defaultConfig = require('../../lib/config/defaults').getConfig();
const logger = require('../_fixtures/logger');
const fs = require('fs');
const privateKey = fs.readFileSync('test/_fixtures/keys/private.pem');
-describe('config/massage', () => {
- describe('massageConfig', () => {
+describe('config/decrypt', () => {
+ describe('decryptConfig()', () => {
let config;
beforeEach(() => {
- config = { ...defaultConfig, logger };
+ config = {};
});
it('returns empty with no privateKey', () => {
delete config.encrypted;
- const res = decryptConfig(config);
+ const res = decryptConfig(config, logger);
expect(res).toMatchObject(config);
});
it('warns if no privateKey found', () => {
config.encrypted = { a: '1' };
- const res = decryptConfig(config);
+ const res = decryptConfig(config, logger);
expect(res.encrypted).not.toBeDefined();
expect(res.a).not.toBeDefined();
});
it('handles invalid encrypted type', () => {
config.encrypted = 1;
config.privateKey = privateKey;
- const res = decryptConfig(config);
+ const res = decryptConfig(config, logger, privateKey);
expect(res.encrypted).not.toBeDefined();
});
it('handles invalid encrypted value', () => {
config.encrypted = { a: 1 };
config.privateKey = privateKey;
- const res = decryptConfig(config);
+ const res = decryptConfig(config, logger, privateKey);
expect(res.encrypted).not.toBeDefined();
expect(res.a).not.toBeDefined();
});
@@ -50,7 +49,7 @@ describe('config/massage', () => {
},
},
];
- const res = decryptConfig(config);
+ const res = decryptConfig(config, logger, privateKey);
expect(res.encrypted).not.toBeDefined();
expect(res.packageFiles[0].devDependencies.encrypted).not.toBeDefined();
expect(res.packageFiles[0].devDependencies.branchPrefix).toEqual(