Harden release evidence hash with encryption
Problem to solve
While we were investigating the security issue #121610 (closed) and #34402 (closed), we realized that there are some problems with the current summary structure:
- Issues expose confidential information
- Permissions of release_evidence data
- Lack of Encryption
- We disabled the evidence readability in GitLab instances that enable External authorization control
The Lack of Encryption is addressed in this issue, while the other points have been split out to be addressed in https://gitlab.com/gitlab-org/gitlab/-/issues/281144
Intended users
- Rachel (Release Manager)
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
Further details
See https://gitlab.com/gitlab-org/gitlab/issues/121930 for context and additional details around discovery of release hash issues
Proposal
Apply encryption to the Evidence JSON data.
- Use the attr_encrypted Gem to apply encryption to the evidences.summary JSONB field on the Releases::Evidence model.
- Create a migration to encrypt existing data
Notes
- The summary_sha column should not need encryption, and the current code in Releases::CreateEvidenceService should not need changing as the SHA is generated before the Evidence is saved. This should be verified with tests.
- There is an existing open issue related to summary_sha collection.
- The attr_encrypted Gem is used in several places within GitLab, however the Gem itself is looking for a maintainer, and its CI is broken on GitHub.
- There is an open issue discussing a possible move away from attr_encrypted. If that move is confirmed, then this issue should follow the decision there.
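The sketch below is an added example, not GitLab's code and not the attr_encrypted Gem. It shows the property the first note relies on: a summary_sha computed over the plaintext summary still verifies after the summary is encrypted at rest, and after an existing plaintext row is migrated. AES-256-GCM from Ruby's OpenSSL stands in for the Gem; SHA-256 as the hash, the demo key, and the encrypted_summary / encrypted_summary_iv field names are assumptions.

```ruby
require 'openssl'
require 'json'
require 'digest'
require 'base64'

# Constructed demo key (assumption); real keys come from secret storage.
DEMO_KEY = Digest::SHA256.digest('constructed-demo-key')

# Encrypt the summary; returns the two values stored in place of plaintext.
def encrypt_summary(summary, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = ''
  body = cipher.update(JSON.generate(summary)) + cipher.final
  { encrypted_summary: Base64.strict_encode64(body + cipher.auth_tag),
    encrypted_summary_iv: Base64.strict_encode64(iv) }
end

# Decrypt a stored row; raises OpenSSL::Cipher::CipherError on tampering.
def decrypt_summary(row, key)
  raw = Base64.strict_decode64(row[:encrypted_summary])
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = Base64.strict_decode64(row[:encrypted_summary_iv])
  cipher.auth_tag = raw[-16..]
  cipher.auth_data = ''
  plain = cipher.update(raw[0...-16]) + cipher.final
  JSON.parse(plain.force_encoding('UTF-8'))
end

# Evidence creation: hash the plaintext JSON first, then encrypt for storage.
def build_evidence_row(summary, key)
  sha = Digest::SHA256.hexdigest(JSON.generate(summary))
  { summary_sha: sha }.merge(encrypt_summary(summary, key))
end

# Migration of one existing row: summary_sha is kept, plaintext is dropped.
def migrate_row(row, key)
  return row if row.key?(:encrypted_summary) # already migrated
  row.reject { |k, _| k == :summary }.merge(encrypt_summary(row[:summary], key))
end

# Does the decrypted summary still match the stored summary_sha?
def sha_matches?(row, key)
  Digest::SHA256.hexdigest(JSON.generate(decrypt_summary(row, key))) == row[:summary_sha]
end
```

Because GCM authenticates the ciphertext, a modified stored value fails at decryption rather than producing a summary that silently mismatches summary_sha.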
Permissions and Security
- Secrets should not be included and if confidential information is included it should be encrypted
Documentation
- Release evidence - https://docs.gitlab.com/ee/user/project/releases/index.html#release-evidence
Availability & Testing
- Confirm when using the API that release evidence is not accessible without auditor role
What does success look like, and how can we measure that?
- Confidential issue data other than ID are not exposed in evidence
What is the type of buyer?
- Starter, premium, ultimate
Links / references