db/post_migrate/20190606175050_encrypt_feature_flags_clients_tokens.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

# frozen_string_literal: true

class EncryptFeatureFlagsClientsTokens < ActiveRecord::Migration[5.1]
  DOWNTIME = false

  class FeatureFlagsClient < ActiveRecord::Base
    self.table_name = 'operations_feature_flags_clients'
  end

  def up
    say_with_time("Encrypting tokens from operations_feature_flags_clients") do
      FeatureFlagsClient.where('token_encrypted is NULL AND token IS NOT NULL').find_each do |feature_flags_client|
        token_encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(feature_flags_client.token, nonce: Gitlab::CryptoHelper::AES256_GCM_IV_STATIC)
        feature_flags_client.update!(token_encrypted: token_encrypted)
      end
    end
  end

  def down
    say_with_time("Decrypting tokens from operations_feature_flags_clients") do
      FeatureFlagsClient.where('token_encrypted IS NOT NULL AND token IS NULL').find_each do |feature_flags_client|
        token = Gitlab::CryptoHelper.aes256_gcm_decrypt(feature_flags_client.token_encrypted)
        feature_flags_client.update!(token: token)
      end
    end
  end
end