Secure Files MVC & Follow Up
The purpose of this issue is to track the work that needs to be completed in order for the first MVC of Secure Files to be released and to capture the work for follow-up iterations. This issue will be updated as items are completed or added.
MVC
✅ New storage setting for Secure Files
✅ Secure Files API Review
✅ Bash replacement for secure_file_loader.rb - Secure Files MVC Documentation
✅ Remove Ci::SecureFile objects when a project is destroyed - MR
✅ Secure Files UI MVC - MR
✅ Production Readiness Review for the Secure Files feature - MR
✅ Add a limit to the number of Secure Files that can be added to a project - MR
✅ Add optional support for file checksum to Secure File uploads - MR
✅ Use a per-file encryption key for Secure Files - MR
✅ Adds a project scoped unique file name constraint for Secure Files - MR
✅ Document project Secure File limit (100 per project) - MR
✅ Ensure the URL hasn't been tampered with - MR
✅ Ensure API access is limited to verified users/projects only - MR
✅ Add an ops feature flag to support a read-only version of the API - MR
✅ Remove optional support for file checksum to Secure File uploads - MR
🔵 Prevent abuse of Secure Files upload API
✅ [Feature flag] Rollout of ci_secure_files
Follow-up
Runner Integration
Move Secure File deletion to a background job
Add Audit Events for Secure Files
Wrap Secure File upload / delete in a transaction
Create a mechanism to rotate a Secure File's encryption key
Add instrumentation to measure the performance of the encrypt/decrypt mechanisms
Secure Files GraphQL API
Content Masking
Implement backup/restore
Add Geo support
Instrument encrypt/decrypt performance for Secure Files
Determine target SLAs for Secure Files
Determine an approach to measure end-to-end customer experience of Secure Files
Edited by Darby Frey