From bb0cf04d71783214aab0a65f410f76ba6989513c Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Fri, 11 Oct 2024 11:19:48 +0200
Subject: [PATCH] Add note about not changing ActiveRecord encryption secrets
 once they are set (#32413)

---
 lib/tasks/db.rake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tasks/db.rake b/lib/tasks/db.rake
index d8bc927bc4..79599bd917 100644
--- a/lib/tasks/db.rake
+++ b/lib/tasks/db.rake
@@ -8,7 +8,7 @@ namespace :db do
     desc 'Generate a set of keys for configuring Active Record encryption in a given environment'
     task :init do # rubocop:disable Rails/RakeEnvironment
       puts <<~MSG
-        Add these secret environment variables to your Mastodon environment (e.g. .env.production):#{' '}
+        Add the following secret environment variables to your Mastodon environment (e.g. .env.production), ensure they are shared across all your nodes and do not change them after they are set:#{' '}
 
         ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=#{SecureRandom.alphanumeric(32)}
         ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=#{SecureRandom.alphanumeric(32)}