Add group encryption key backend

Superseded by !112681 (closed) (using GitLab community fork with sufficient CI minutes)


What does this MR do and why?

Adds group encryption keys so each organization is able to en-/decrypt CI variables in the database with their own key. This is part of issue #378386 (closed) and supersedes MR !110520 (closed). The database model is created in the previous MR !112545 (closed).

The GroupEncryptionKey model holds the optional encryption key for each (root) group. If such a key exists, it is used to en-/decrypt all descendant CI variables of this group. Whenever the key for a group is changed, the values of all descendant CI variables are re-encrypted with the new key in a background job. The same happens when a group or a project is transferred to another root group.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Pascal Zumkehr
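
The key lookup, rotation and transfer flow described above, as an added sketch that is not code from this MR or from GitLab. The cipher (AES-256-GCM), the blob layout and every name in it (`INSTANCE_KEY`, `Variable`, `key_for`, `seal`, `open_blob`, `rotate`, `transfer`) are assumptions made for illustration.

```ruby
require "openssl"

# Constructed stand-ins for illustration; not GitLab's models or API.
INSTANCE_KEY = OpenSSL::Random.random_bytes(32) # used when a root group has no key
Variable = Struct.new(:id, :root_group, :blob)

# Optional per-root-group key, falling back to the instance-wide key.
def key_for(keys, root_group)
  keys.fetch(root_group, INSTANCE_KEY)
end

# AES-256-GCM (assumed cipher). Blob layout: 12-byte IV | 16-byte tag | ciphertext.
# The variable id is bound as associated data so blobs cannot be swapped between rows.
def seal(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  iv + cipher.auth_tag + ciphertext
end

def open_blob(key, blob, aad)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.auth_data = aad
  cipher.update(blob.byteslice(28, blob.bytesize)) + cipher.final
end

# Key change: re-encrypt every variable below root_group. All values are decrypted
# before any row is written, so a wrong old key raises and leaves the rows untouched.
def rotate(variables, root_group, old_key, new_key)
  targets = variables.select { |v| v.root_group == root_group }
  plains = targets.map { |v| open_blob(old_key, v.blob, v.id.to_s) }
  targets.zip(plains) { |v, plain| v.blob = seal(new_key, plain, v.id.to_s) }
  targets.size
end

# Transfer: decrypt with the source root group's key, re-encrypt with the destination's.
def transfer(variable, keys, new_root)
  plain = open_blob(key_for(keys, variable.root_group), variable.blob, variable.id.to_s)
  variable.root_group = new_root
  variable.blob = seal(key_for(keys, new_root), plain, variable.id.to_s)
  variable
end
```

Decrypting with a key other than the one a blob was sealed under raises `OpenSSL::Cipher::CipherError`, which is what makes a half-finished re-encryption job detectable rather than silently returning garbage.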