Diffstat (limited to 'config/settings.rb')
-rw-r--r-- | config/settings.rb | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/config/settings.rb b/config/settings.rb
index 3369f2a4480..a88f6d89ce4 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -126,16 +126,18 @@ class Settings < Settingslogic
 File.expand_path(path, Rails.root)
 end
- # Ruby 2.4+ requires passing in the exact required length for OpenSSL keys
- # (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1).
- # Previous versions quietly truncated the input.
- #
- # Use this when using :per_attribute_iv mode for attr_encrypted.
- # We have to truncate the string to 32 bytes for a 256-bit cipher.
+ # Don't use this in new code, use attr_encrypted_db_key_base_32 instead!
 def attr_encrypted_db_key_base_truncated
 Gitlab::Application.secrets.db_key_base[0..31]
 end
+ # Ruby 2.4+ requires passing in the exact required length for OpenSSL keys
+ # (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1).
+ # Previous versions quietly truncated the input.
+ #
+ # Makes sure the key is exactly 32 bytes long, either by
+ # truncating or right-padding it with ASCII 0s. Use this when
+ # using :per_attribute_iv mode for attr_encrypted.
 def attr_encrypted_db_key_base_32
 Gitlab::Utils.ensure_utf8_size(attr_encrypted_db_key_base, bytes: 32.bytes)
 end |
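Review bot: The new one-line comment on `attr_encrypted_db_key_base_truncated` tells readers to avoid the method but drops the reason, and neither comment says that the two helpers are not interchangeable. `[0..31]` slices by character rather than by byte, while the `_32` helper reads `attr_encrypted_db_key_base` (defined outside this hunk) and pads short values, so the two can presumably return different keys for the same secret, and data already encrypted under the truncated key would then not decrypt with the other. I would extend the comment to something like `# Legacy: slices by character, so the result is not guaranteed to be 32 bytes. Existing attributes must keep using this key; new ones use attr_encrypted_db_key_base_32.` On the `_32` comment, "ASCII 0s" should say whether the pad is the character `'0'` or a NUL byte, and it is worth noting there that a padded key carries only the entropy of the original secret, so a `db_key_base` shorter than 32 bytes remains a weak key.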