Commit graph

7 commits

Author SHA1 Message Date
Nick Thomas
2f2b0ad390
Use a 32-byte version of db_key_base for web hooks
AES-256-GCM cipher mode requires a key that is exactly 32 bytes long.
We already handle the case when the key is too long, by truncating, but
the key can also be too short in some installations. Switching to a key
that is always exactly the right length (by virtue of right-padding
ASCII 0 characters) allows encryption to proceed, without breaking
backward compatibility.

When the key is too short, encryption fails with an `ArgumentError`,
causing the web hooks functionality to be unusable. As a result, zero
rows can exist with values encrypted with the too-short key.

When the key is too long, it is silently truncated. In this case, the
key is unchanged, so values encrypted with the new too-long key will
still be successfully decrypted.
2018-12-05 00:00:42 +00:00
Grzegorz Bizon
bba97f8203 Use proper scope when accessting application settings 2018-12-03 13:21:36 +01:00
Grzegorz Bizon
b7f35e8939 Expire application settings after encrypting tokens 2018-11-28 11:43:17 +01:00
Grzegorz Bizon
9ab50c86a9 Add specs for runners tokens encryption migration 2018-11-23 11:55:38 +01:00
Grzegorz Bizon
718ea942dc Improve test cases description in token-related specs 2018-11-23 10:43:47 +01:00
Grzegorz Bizon
64c2377854 Add migratable models for runners tokens migration 2018-11-21 12:35:25 +01:00
Nick Thomas
466371a06c
Migrate sensitive web hook data in the background 2018-10-01 15:34:16 +01:00