Related to #213259 (closed).
This MR provides support "ecdsa-sk" and "ed25519-sk" SSH keys.
In !77374 (merged), !77403 (merged), !77996 (merged), !77424 (merged), and !78532 (merged) we have done the work that facilitates support "ecdsa-sk" and "ed25519-sk" SSH keys.
By adding support "ecdsa-sk" and "ed25519-sk" SSH keys, we provide a new, more secure, and easy-to-use way to strongly authenticate with Git while preventing unintended and potentially malicious access. For instance, if a user's private key file on their computer is stolen, it would be useless without the user's security key.
Read:
Changelog: added
Demo: Using "ecdsa-sk" and "ed25519-sk" SSH keys - https://www.youtube.com/watch?v=DtmZEVguN7g
AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings
migration is reversible:
bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:migrate
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrating
-- add_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0020s
-- add_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0016s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: migrated (0.0037s)
bogdanvlviv@lenovo:~/gitlab-development-kit/gitlab$ bin/rails db:rollback
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverting
-- remove_column(:application_settings, :ed25519_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0018s
-- remove_column(:application_settings, :ecdsa_sk_key_restriction, :integer, {:default=>0, :null=>false})
-> 0.0013s
== 20220128093756 AddEcdsaSkAndEd25519SkKeyRestrictionsToApplicationSettings: reverted (0.0044s)
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.