Add workspace tokens table

MR1: Add WorkspaceTokens model and table (!193071 - merged) • Chad Woolley • 18.1

MR2: Add index to workspace tokens on token_encrypted (!194645 - merged) • Chad Woolley • 18.2

Description

Add a new database table workspace_tokens on the lines of cluster_agent_tokens. There will be a 1:1 relationship between workspaces and workspace_tokens with cascade delete.

When a workspace is stopped/terminated, the associated record in workspace_tokens will be deleted. The workspace_tokens will be created when the workspace is started. The docs/creation/deletion will be handled by a separate issue Handle creation/deletion of workspace tokens an... (#547320 - closed) • Chad Woolley • 18.2.

The fields of this table will be

id
created_at
updated_at
workspace_id (foreign key)
token_encrypted
project_id (sharding key, determined by workspaces's project_id)

NOTE: Docs for this new token type at https://docs.gitlab.com/security/tokens (and other places listed in https://docs.gitlab.com/development/secure_coding_guidelines/#token-prefixes) will be added when logic is added to actually create the tokens, as part of Handle creation/deletion of workspace tokens an... (#547320 - closed) • Chad Woolley • 18.2

Acceptance criteria

Add a new table as described above with the appropriate fields.
The tokens should be encrypted.
It should have a 1:1 relationship with workspaces.

Implementation plan

See acceptance criteria.

Edited Jun 16, 2025 by Chad Woolley