1 files changed, 30 insertions, 0 deletions

diff --git a/lib/gitlab/crypto_helper.rb b/lib/gitlab/crypto_helper.rb
new file mode 100644
index 00000000000..68d0b5d8f8a
--- /dev/null
+++ b/lib/gitlab/crypto_helper.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module CryptoHelper
+    extend self
+
+    AES256_GCM_OPTIONS = {
+      algorithm: 'aes-256-gcm',
+      key: Settings.attr_encrypted_db_key_base_truncated,
+      iv: Settings.attr_encrypted_db_key_base_truncated[0..11]
+    }.freeze
+
+    def sha256(value)
+      salt = Settings.attr_encrypted_db_key_base_truncated
+      ::Digest::SHA256.base64digest("#{value}#{salt}")
+    end
+
+    def aes256_gcm_encrypt(value)
+      encrypted_token = Encryptor.encrypt(AES256_GCM_OPTIONS.merge(value: value))
+      Base64.encode64(encrypted_token)
+    end
+
+    def aes256_gcm_decrypt(value)
+      return unless value
+
+      encrypted_token = Base64.decode64(value)
+      Encryptor.decrypt(AES256_GCM_OPTIONS.merge(value: encrypted_token))
+    end
+  end
+end