Add link to public GPG keys on user profile (!68678) · Merge requests · GitLab.org / GitLab · GitLab

Peter Hegman requested to merge 333242-show-gpg-key-on-gitlab-profile-page into master Aug 20, 2021

📖 What does this MR do?

Related to #333242 (closed)

There is a somewhat unknown feature that allows you to see a user's public GPG keys by navigation to /<username>.gpg. This MR adds a button to the user profile that links to /<username>.gpg. This button is only shown if the user has a verified GPG key setup.

📷 Screenshots

View	Before	After
Desktop
Mobile

💻 How to setup and validate locally

Login to GDK as the root user
Navigate to /-/profile/gpg_keys
Add this GPG public key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGEf1uoBEADASaeSNP9p87qBp6D0/wbrGcjWYr8p3KG+6cigSHhaPFyshuAw
Wpm8mWTlKbDFD5v94QcilafD+HPwbQ18ijxf6H+SQ0d346bbm6t4T0E4jOfDLVbE
8mUEPZKDNk+gDe3eCpLdQqBKEh5By6uqqS1A8TWVDZhyWg++jMBR3jxLKvk0QkMK
alAOf6VK2lJTwtcX49uHVq3ijcTrmwT8tQVIabxyOA60WVAuaIVRs63g2KxUzwSq
9TXBLXOA1iodvPXZWMzTDkV3LeqTD+Mf8gHcNR4kSGDWwzTr79JetJLk0LtrsH8Y
mnQbuiFJjD+QMoUCZ4yr1eNSkKt5KxtHiBOJQ+90LCdgxB0MrU4cIeG8rOVQuYqc
a5kGrXyXN6GgydOs7T4ZCzuikrIv2MFvf3fZlyNy/01HtaEvNLURWP/NJvXiZ4H1
s1YLHKDjHvoktB0iO8+9jlOffN0jCgHyDdYJUpKFsRtCk/z20ewKi5CIwlgmqxjB
c3nqsfoTrI6tjw1VFiqxLU8wKjAqnZbTu75q27cS2dBKlfhqgLr/6Ahtyqg54Bki
ZMYyg6Ruspt7Ot3Hs8ocfafszHqssE7jubPm5QwiXycTEMJ4PC4WEV81m5g/WFsZ
Ao2KMhGNtqYlcm56E20M613GS/EMhL4zWZZXjwbf0qDN+YF2ULF/3+XWGQARAQAB
tCBQZXRlciBIZWdtYW4gPGFkbWluQGV4YW1wbGUuY29tPokCUgQTAQgAPBYhBE4U
oEqPKCMc1ORXGtJcpCb5vjPaBQJhH9bqAhsDBQsJCAcCAyICAQYVCgkICwIEFgID
AQIeBwIXgAAKCRDSXKQm+b4z2iToD/9q94C/2qh+xC/BjDOYONl5nasTTIoK6dB+
vQwG44uHSSQSJjZjJLLydmPlWih73kb30KRH5xCmHtJCIyhLVRQgmI4Me48fc9sA
7PamHE5tUP8nITCOcx4fxyUD767+DUR0GvfhiigA0rfCTzzw54ZHdOb6pOZSHfd9
Z5EZVlM3XqlH88LItsdU5Rq+ctqH9iPwqb9X30mePWECKKVuDpwDxvUoTejyVdF1
Wz3cCH53tXUdLsk/ntXlTVbWZ28eneQtAJuPP1TwARNDpglPaNVT1GzwdK+OdiqQ
yXYWtCVcRU65PJlSa9BqFM8ThdZHmHvBTF4go+wzsVd+UYgYZ8Yvt8v+S50lzqB1
/ToG5SYJHMmpoMPfNin/LaFy1RmzVJz55qCODvfVTZAGddI8cClWnlgH2g0tF6z3
7B1BTyKug1wuhjwZnEswEMgGHGvBd53AmZ6m7hfureZW41b1Yw8JGpl9mMFUeaJ6
LiKTw58ZiY7bdcrcweFBflKxHrMjWZJlIK/KSGrPcy/EBCx1QEAUUNL/juVtoq+0
nw74Ar+M4cf2kSyXfqeeTF/zZQYUB5le0fLp8bEcOolWkkA07Nex6FFx+DFD01jn
JFKqzclkfupMUGDZlpkEKndwbyz90DbsYSP0j+ATPLQ4IQtKVtBzNFqQiigO0qyU
ytJxqfQCCLkCDQRhH9bqARAA9PtylpM47nJ3YGBTYrpfHTFi92MVT/0bBCx6iHnQ
AbMF8CGW7GdMMikGYNvs7jV67UPUlwfqgRkGcZ5FyECqmSOY5U3bLMYNs0de2QBV
m2HxsUr8t5DkyPE5QHp6L+jB48b6/Hup5ifI7vrxALEVbKUKWfBDMT6mCWz4SGSV
0k6WKUVLbPAzSDUyTFnHhs32cjAcHfmTmtdnl/XfG+vlcSG3VdzS4z9FROhSv5qy
vrrJ9KoM9r31Yu3WGS5rG/qMUlCvu+3zrV0ex+9YWDtWdGv6P3pHJJH8112l2A7K
tdnUMUd33WAEGSRzHuDLNwSic81ElagTvsynQpymgmm8OIMuEHhrWODAsSj5Wpk4
Bxdz5sYik+OXZNWqT8H7ZhW9hxJnYtNplCksK8Jj3bg9jJ44IvmcM37VFBBTHgbu
SkG+iUTjBGZqAX22BQw4ikdRqePSqPNkMXIwxvFxhG5/rtCI0S/SzbLP+ZL+Tw24
+uz7YYFc7OS6h8FitUt5+5u1Yjp7Cv68ZevcvCwbkMg1XchSqPBkYYeAP5HxuVcp
QgNs2gJCsBwONuRgtZKVODECXnTpnTKGHcMjv3qz94Q//7QSdEnJzJ25jYcQeHEE
mo0i3kiDvo2EcGvs9aGjY0rGVq6xMg2caDfYnxvXwUtIkqeW4WonUCtvsf4orxZ1
FUkAEQEAAYkCNgQYAQgAIBYhBE4UoEqPKCMc1ORXGtJcpCb5vjPaBQJhH9bqAhsM
AAoJENJcpCb5vjPa3mIP/2Q4rwD2BvOu1+yHCdp4/ECxJoH06aw05NDRF2RX5HGI
VCsubPBbcVq7DaLjv/IiPnKw12XdkZq8OW4O/xnC2ZTD6JrwrLgVIKUkJ1bt0ORy
u9cP+PetnWW0AF+WP+1vf2B2RRYxkWh6ATFmjYkzrU69YRugw3ja+Fjj2nmLzwTf
ps5Kz+in6J7XeeutGPBA5m92AilEzdsLO16JTcJR6Tom4s/Tk2OmmvbTjPv1dXXm
B5mYzd4ZtfUEn0iqZLYQu+r9tqF3fGKh7mgSahI5hkwmkbFMczbxjvzmTWt2kxwq
jRi+creOJcpAIXp/s9aLZD0KdNYS+JI4iWdOecfEkJXSQR/Jr8jrHs1qKJqmDTvt
yz0bJ8MFh1QNqsH2eflJ3cBuQA7WguH6RA+0OnyzaQwa4VATEJYd1mcdpTCKIhX9
wJGla6ZsNkmmKa75qOau1t4lh5NiylETsfNRYCvruRWJ3H+0WzzUNBzRIEmDHS/T
S7oOnMtk/Xgoi/2WGo0FRR9yhjurpQ6LI9zrbnOxKAOBuvL2KdVRcoxjxrQn1ilY
WT+u6bykB75X23mA4KQthDphSngMmE0L0win+j53fFkL+SZxYmQUvDhlfIt9grZI
J0W3eFSF81UowlLIHKvO2xiTgNVSvRfiR0vTcrajNej9eoN+bjz+GM7qWnN1/dwW
=Vxse
-----END PGP PUBLIC KEY BLOCK-----

Navigate to your profile

🚦 Does this MR meet the acceptance criteria?

Conformity

I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
I have added/updated documentation, or it's not needed. (Is documentation required?)
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
[-] I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
I have self-reviewed this MR per code review guidelines.
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
I have followed the style guides.
This change is backwards compatible across updates, or this does not apply.

Availability and Testing

I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
I have tested this MR in all supported browsers, or it's not needed.
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Aug 25, 2021 by Peter Hegman