Encrypt webhook tokens and URLs in the database (!21645) · Merge requests · GitLab.org / GitLab FOSS

The source project of this merge request has been removed.

What does this MR do?

Introduces the following database columns

web_hooks.encrypted_token
web_hooks.encrypted_token_iv
web_hooks.encrypted_url
web_hooks.encrypted_url_iv

These shadow the web_hooks.token and web_hooks.url columns.

attr_encrypted is used to store new webhook tokens and URLs encrypted in the database.

Unencrypted token and url values whenever a webhook updates.

I still need to figure out how to migrate the existing data proactively in a background migration.

I think we'll need an %11.5 follow-up to remove the fall-back-to-unencrypted-fields logic, and the unencrypted columns itself. Need to investigate that in some more detail.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
Documentation created/updated
Tests added for this feature/bug
Conforms to the code review guidelines
Conforms to the merge request performance guidelines
Conforms to the style guides
Conforms to the database guides

Closes #51021

Edited Oct 01, 2018 by Nick Thomas

Encrypt webhook tokens and URLs in the database

What does this MR do?

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Merge request reports