diff options
Diffstat (limited to 'db/migrate/20211126115449_encrypt_static_objects_external_storage_auth_token.rb')
-rw-r--r-- | db/migrate/20211126115449_encrypt_static_objects_external_storage_auth_token.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/db/migrate/20211126115449_encrypt_static_objects_external_storage_auth_token.rb b/db/migrate/20211126115449_encrypt_static_objects_external_storage_auth_token.rb new file mode 100644 index 00000000000..9ce034b0065 --- /dev/null +++ b/db/migrate/20211126115449_encrypt_static_objects_external_storage_auth_token.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class EncryptStaticObjectsExternalStorageAuthToken < Gitlab::Database::Migration[1.0] + class ApplicationSetting < ActiveRecord::Base + self.table_name = 'application_settings' + + scope :encrypted_token_is_null, -> { where(static_objects_external_storage_auth_token_encrypted: nil) } + scope :encrypted_token_is_not_null, -> { where.not(static_objects_external_storage_auth_token_encrypted: nil) } + scope :plaintext_token_is_not_null, -> { where.not(static_objects_external_storage_auth_token: nil) } + end + + def up + ApplicationSetting.reset_column_information + + ApplicationSetting.encrypted_token_is_null.plaintext_token_is_not_null.find_each do |application_setting| + token_encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(application_setting.static_objects_external_storage_auth_token) + application_setting.update!(static_objects_external_storage_auth_token_encrypted: token_encrypted) + end + end + + def down + ApplicationSetting.reset_column_information + + ApplicationSetting.encrypted_token_is_not_null.find_each do |application_setting| + token = Gitlab::CryptoHelper.aes256_gcm_decrypt(application_setting.static_objects_external_storage_auth_token_encrypted) + application_setting.update!(static_objects_external_storage_auth_token: token, static_objects_external_storage_auth_token_encrypted: nil) + end + end +end |