From 61df812ac688cb0848752f9f26f77d65eadf160a Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sat, 2 Jun 2018 02:32:30 -0700
Subject: Fix attr_encryption key settings

attr_encrypted does different things with `key` depending on what mode you are using:

1. In `:per_attribute_iv_and_salt` mode, it generates a hash with the salt:
https://github.com/attr-encrypted/encryptor/blob/c3a62c4a9e74686dd95e0548f9dc2a361fdc95d1/lib/encryptor.rb#L77.
There is no need to truncate the key to 32 bytes here.

2. In `:per_attribute_iv` mode, it sets the key directly to the password, so
truncation to 32 bytes is necessary.

Closes #47166
---
 changelogs/unreleased/sh-fix-secrets-not-working.yml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changelogs/unreleased/sh-fix-secrets-not-working.yml

(limited to 'changelogs')

diff --git a/changelogs/unreleased/sh-fix-secrets-not-working.yml b/changelogs/unreleased/sh-fix-secrets-not-working.yml
new file mode 100644
index 00000000000..044a873ecd9
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-secrets-not-working.yml
@@ -0,0 +1,5 @@
+---
+title: Fix attr_encryption key settings
+merge_request:
+author:
+type: fixed
-- 
cgit v1.2.1