diff options
author | Nick Thomas <nick@gitlab.com> | 2017-06-02 17:28:54 +0100 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-06-05 22:17:52 +0100 |
commit | b2800ee0c7c0ca47bb11b21b6b32134ae6f4594e (patch) | |
tree | df034c90730e215f3c9a14c0cc05eaca6b4aa2fa /lib/tasks/gitlab/two_factor.rake | |
parent | c34107608ecc5c36e80a748eb4c9b88d2b1157cf (diff) | |
download | gitlab-ce-b2800ee0c7c0ca47bb11b21b6b32134ae6f4594e.tar.gz |
Add a Rake task to aid in rotating otp_key_base
Diffstat (limited to 'lib/tasks/gitlab/two_factor.rake')
-rw-r--r-- | lib/tasks/gitlab/two_factor.rake | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/tasks/gitlab/two_factor.rake b/lib/tasks/gitlab/two_factor.rake index fc0ccc726ed..7728c485e8d 100644 --- a/lib/tasks/gitlab/two_factor.rake +++ b/lib/tasks/gitlab/two_factor.rake @@ -19,5 +19,21 @@ namespace :gitlab do puts "There are currently no users with 2FA enabled.".color(:yellow) end end + + namespace :rotate_key do + def rotator + @rotator ||= Gitlab::OtpKeyRotator.new(ENV['filename']) + end + + desc "Encrypt user OTP secrets with a new encryption key" + task apply: :environment do |t, args| + rotator.rotate!(old_key: ENV['old_key'], new_key: ENV['new_key']) + end + + desc "Rollback to secrets encrypted with the old encryption key" + task rollback: :environment do + rotator.rollback! + end + end end end |