diff options
Diffstat (limited to 'db/migrate/20201008013434_generate_ci_jwt_signing_key.rb')
-rw-r--r-- | db/migrate/20201008013434_generate_ci_jwt_signing_key.rb | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/db/migrate/20201008013434_generate_ci_jwt_signing_key.rb b/db/migrate/20201008013434_generate_ci_jwt_signing_key.rb new file mode 100644 index 00000000000..7983a56f439 --- /dev/null +++ b/db/migrate/20201008013434_generate_ci_jwt_signing_key.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +class GenerateCiJwtSigningKey < ActiveRecord::Migration[6.0] + DOWNTIME = false + + class ApplicationSetting < ActiveRecord::Base + self.table_name = 'application_settings' + + attr_encrypted :ci_jwt_signing_key, { + mode: :per_attribute_iv, + key: Rails.application.secrets.db_key_base[0..31], + algorithm: 'aes-256-gcm', + encode: true + } + end + + def up + ApplicationSetting.reset_column_information + + ApplicationSetting.find_each do |application_setting| + application_setting.update(ci_jwt_signing_key: OpenSSL::PKey::RSA.new(2048).to_pem) + end + end + + def down + ApplicationSetting.reset_column_information + + ApplicationSetting.find_each do |application_setting| + application_setting.update_columns(encrypted_ci_jwt_signing_key: nil, encrypted_ci_jwt_signing_key_iv: nil) + end + end +end |