[Cells 1.0] (Size: S) Migrate to devise-two-factor 5.x, which will make otp_key_base useless

GitLab stores the secret data required for two-factor authentication (2FA) in an encrypted database column. The encryption key for this data is known as otp_key_base, and is stored in config/secrets.yml.

Decide what to do with this secret with respect to Cells

Options:

  • Per cell
  • Ensure it is the same for all cells
  • Something else

Proposal (2024-12-02)

Once we use ActiveRecord::Encryption, we should migrate to devise-two-factor 5.x, which will make otp_key_base useless: https://github.com/devise-two-factor/devise-two-factor/blob/main/UPGRADING.md#upgrading-from-4x-to-5x.

Estimate

  • 3 days of backend
Edited by 🤖 GitLab Bot 🤖