Strip pasted private GPG and SSH keys client-side
Description
The GPG ans SSH public key textareas have the following placeholder help texts:
This does not prevent the user to do stupid things (by accident, lack of competence, or whatever), and even if the content is refused by GitLab upon validation the value may end up in various areas such as logs.
Proposal
Prevent the user to do stupid things, client side, so that its private key never leaves his clipboard/user agent. Instantly strip away any text between (and including) markers -----BEGIN PGP PRIVATE KEY BLOCK-----
and -----END PGP PRIVATE KEY BLOCK-----
. This also applies to SSH private keys with at least the -----BEGIN RSA PRIVATE KEY-----
and -----END RSA PRIVATE KEY-----
markers (also, DSA, ECDSA...)
Links / references
Documentation blurb
Overview
What is it? Why should someone use this feature? What is the underlying (business) problem? How do you use this feature?
Use cases
Who is this for? Provide one or more use cases.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
-
Feature assurance -
Documentation -
Added to features.yml