diff options
Diffstat (limited to 'db')
-rw-r--r-- | db/migrate/20190516151857_add_lets_encrypt_private_key_to_application_settings.rb | 16 | ||||
-rw-r--r-- | db/migrate/20190524062810_generate_lets_encrypt_private_key.rb | 33 | ||||
-rw-r--r-- | db/schema.rb | 4 |
3 files changed, 52 insertions, 1 deletions
diff --git a/db/migrate/20190516151857_add_lets_encrypt_private_key_to_application_settings.rb b/db/migrate/20190516151857_add_lets_encrypt_private_key_to_application_settings.rb new file mode 100644 index 00000000000..e1d3cca48d6 --- /dev/null +++ b/db/migrate/20190516151857_add_lets_encrypt_private_key_to_application_settings.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +# See http://doc.gitlab.com/ce/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class AddLetsEncryptPrivateKeyToApplicationSettings < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + # Set this constant to true if this migration requires downtime. + DOWNTIME = false + + def change + add_column :application_settings, :encrypted_lets_encrypt_private_key, :text + add_column :application_settings, :encrypted_lets_encrypt_private_key_iv, :text + end +end diff --git a/db/migrate/20190524062810_generate_lets_encrypt_private_key.rb b/db/migrate/20190524062810_generate_lets_encrypt_private_key.rb new file mode 100644 index 00000000000..21d7049b998 --- /dev/null +++ b/db/migrate/20190524062810_generate_lets_encrypt_private_key.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +# See http://doc.gitlab.com/ce/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class GenerateLetsEncryptPrivateKey < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + # Set this constant to true if this migration requires downtime. + DOWNTIME = false + + class ApplicationSetting < ActiveRecord::Base + self.table_name = 'application_settings' + + attr_encrypted :lets_encrypt_private_key, + mode: :per_attribute_iv, + key: Settings.attr_encrypted_db_key_base_truncated, + algorithm: 'aes-256-gcm', + encode: true + end + + def up + ApplicationSetting.reset_column_information + + private_key = OpenSSL::PKey::RSA.new(4096).to_pem + ApplicationSetting.find_each do |setting| + setting.update!(lets_encrypt_private_key: private_key) + end + end + + def down + end +end diff --git a/db/schema.rb b/db/schema.rb index 412b5313b69..bb59af540fe 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20190516011213) do +ActiveRecord::Schema.define(version: 20190524062810) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -191,6 +191,8 @@ ActiveRecord::Schema.define(version: 20190516011213) do t.boolean "lets_encrypt_terms_of_service_accepted", default: false, null: false t.integer "elasticsearch_shards", default: 5, null: false t.integer "elasticsearch_replicas", default: 1, null: false + t.text "encrypted_lets_encrypt_private_key" + t.text "encrypted_lets_encrypt_private_key_iv" t.index ["usage_stats_set_by_user_id"], name: "index_application_settings_on_usage_stats_set_by_user_id", using: :btree end |