diff options
author | Grzegorz Bizon <grzegorz@gitlab.com> | 2018-06-05 10:39:59 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzegorz@gitlab.com> | 2018-06-05 10:39:59 +0300 |
commit | 809a50fcbf5ecfbf5ec02671f1ca2710a96f58d3 (patch) | |
tree | 0b77ad7a705f6477b03d0f83634a73e3cf36f7d1 /config/settings.rb | |
parent | 114c26ccf0f10788271c6108774e72809a7f93e1 (diff) | |
parent | 04236363bce399fbde36f396fdcf51d61735e1b0 (diff) |
Merge branch 'master' into 'backstage/gb/use-persisted-stages-to-improve-pipelines-table'
Conflicts:
app/models/ci/pipeline.rb
Diffstat (limited to 'config/settings.rb')
-rw-r--r-- | config/settings.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/config/settings.rb b/config/settings.rb index 69d637761ea..3f3481bb65d 100644 --- a/config/settings.rb +++ b/config/settings.rb @@ -85,6 +85,24 @@ class Settings < Settingslogic File.expand_path(path, Rails.root) end + # Ruby 2.4+ requires passing in the exact required length for OpenSSL keys + # (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1). + # Previous versions quietly truncated the input. + # + # Use this when using :per_attribute_iv mode for attr_encrypted. + # We have to truncate the string to 32 bytes for a 256-bit cipher. + def attr_encrypted_db_key_base_truncated + Gitlab::Application.secrets.db_key_base[0..31] + end + + # This should be used for :per_attribute_salt_and_iv mode. There is no + # need to truncate the key because the encryptor will use the salt to + # generate a hash of the password: + # https://github.com/attr-encrypted/encryptor/blob/c3a62c4a9e74686dd95e0548f9dc2a361fdc95d1/lib/encryptor.rb#L77 + def attr_encrypted_db_key_base + Gitlab::Application.secrets.db_key_base + end + private def base_url(config) |