Store Let's Encrypt private key in settings

Storing this key in secrets.yml was a bad idea, it would require users using HA setups to manually replicate secrets across nodes during update, it also needed support from omnibus package * Revert "Generate Let's Encrypt private key" This reverts commit 444959bfa0b79e827a2a1a7a314acac19390f976. * Add Let's Encrypt private key to settings as encrypted attribute * Generate Let's Encrypt private key in database migration
author: Vladimir Shushlin <vshushlin@gitlab.com> 2019-05-28 04:47:34 +0000
committer: Stan Hu <stanhu@gmail.com> 2019-05-28 04:47:34 +0000
commit: 4687ff7c9be789341e82a6440234fce43f30b5be (patch)
tree: 59b72fafa974c92af04590e7fc3b64c6536aef70 /app/models/application_setting.rb
parent: af43970834b911242eecf9b7c815faf0f6b50048 (diff)
download: gitlab-ce-4687ff7c9be789341e82a6440234fce43f30b5be.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index fb1e558e46c..bbe2d2e8fd4 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -257,6 +257,12 @@ class ApplicationSetting < ApplicationRecord
                  algorithm: 'aes-256-gcm',
                  encode: true
 
+  attr_encrypted :lets_encrypt_private_key,
+                 mode: :per_attribute_iv,
+                 key: Settings.attr_encrypted_db_key_base_truncated,
+                 algorithm: 'aes-256-gcm',
+                 encode: true
+
   before_validation :ensure_uuid!
   before_validation :strip_sentry_values
author	Vladimir Shushlin <vshushlin@gitlab.com>	2019-05-28 04:47:34 +0000
committer	Stan Hu <stanhu@gmail.com>	2019-05-28 04:47:34 +0000
commit	4687ff7c9be789341e82a6440234fce43f30b5be (patch)
tree	59b72fafa974c92af04590e7fc3b64c6536aef70 /app/models/application_setting.rb
parent	af43970834b911242eecf9b7c815faf0f6b50048 (diff)
download	gitlab-ce-4687ff7c9be789341e82a6440234fce43f30b5be.tar.gz