Introduce a new gitlab:doctor:encryption_keys task (!187500) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Introduce a new gitlab:doctor:check_encryption_keys task.

The task:

Provides a list the current keys detected (from secrets.yml)
Detect what keys were used to encrypt records and shows the number of encrypted records for each encryption key fingerprint

This will help identify problems such as Active Record Decryption Error since upgrading ... (#527923 - closed).

I haven't written tests yet as I'd like to have this included in 17.11 (and back-ported to 17.10, and 17.9) ASAP. I can work on adding tests later.

This should be ported back to %17.10, and %17.9.

References

Closes Create tooling to detect AR::Encryption-related... (#535126 - closed)
Related to Active Record Decryption Error since upgrading ... (#527923 - closed)

Screenshots or screen recordings

How to set up and validate locally

$ bundle exec rake gitlab:doctor:encryption_keys

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Apr 09, 2025 by Rémy Coutable

Introduce a new gitlab:doctor:encryption_keys task

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports