diff options
Diffstat (limited to 'doc/development')
| -rw-r--r-- | doc/development/go_guide/index.md | 2 | ||||
| -rw-r--r-- | doc/development/secure_coding_guidelines.md | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/doc/development/go_guide/index.md b/doc/development/go_guide/index.md index 6092a05afff..e51542649bb 100644 --- a/doc/development/go_guide/index.md +++ b/doc/development/go_guide/index.md @@ -438,7 +438,7 @@ up to run `goimports -local gitlab.com/gitlab-org` so that it's applied to every ### Naming branches -Only use the characters `a-z`, `0-9` or `-` in branch names. This restriction is due to the fact that `go get` doesn't work as expected when a branch name contains certain characters, such as a slash `/`: +In addition to the GitLab [branch name rules](../../user/project/repository/branches/index.md#name-your-branch), use only the characters `a-z`, `0-9` or `-` in branch names. This restriction is because `go get` doesn't work as expected when a branch name contains certain characters, such as a slash `/`: ```shell $ go get -u gitlab.com/gitlab-org/security-products/analyzers/report/v3@some-user/some-feature diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md index 232b942525d..2e53fb28cb9 100644 --- a/doc/development/secure_coding_guidelines.md +++ b/doc/development/secure_coding_guidelines.md @@ -1309,7 +1309,10 @@ In the event of credential leak through an MR, issue, or any other medium, [reac ### Examples -Encrypting a token with `attr_encrypted` so that the plaintext can be retrieved and used later: +Encrypting a token with `attr_encrypted` so that the plaintext can be retrieved +and used later. Use a binary column to store `attr_encrypted` attributes in the database, +and then set both `encode` and `encode_iv` to `false`. For recommended algorithms, see +the [GitLab Cryptography Standard](https://about.gitlab.com/handbook/security/cryptographic-standard.html#algorithmic-standards). ```ruby module AlertManagement @@ -1318,7 +1321,9 @@ module AlertManagement attr_encrypted :token, mode: :per_attribute_iv, key: Settings.attr_encrypted_db_key_base_32, - algorithm: 'aes-256-gcm' + algorithm: 'aes-256-gcm', + encode: false, + encode_iv: false ``` Hashing a sensitive value with `CryptoHelper` so that it can be compared in future, but the plaintext is irretrievable: |