Class: Gitlab::EncryptedConfiguration

Inherits:

Object

• Object
• Gitlab::EncryptedConfiguration

Defined in:

lib/gitlab/encrypted_configuration.rb

Defined Under Namespace

Classes: InvalidConfigError, MissingKeyError

Constant Summary

CIPHER =

"aes-256-gcm"

SALT =

"GitLabEncryptedConfigSalt"

Instance Attribute Summary

• #content_path ⇒ Object readonly

  Returns the value of attribute content_path.

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #previous_keys ⇒ Object readonly

  Returns the value of attribute previous_keys.

Class Method Summary

• .generate_key(base_key) ⇒ Object

Instance Method Summary

• #active? ⇒ Boolean
• #change(&block) ⇒ Object
• #config ⇒ Object
• #initialize(content_path: nil, base_key: nil, previous_keys: []) ⇒ EncryptedConfiguration constructor

  A new instance of EncryptedConfiguration.

• #read ⇒ Object
• #write(contents) ⇒ Object

Constructor Details

#initialize(content_path: nil, base_key: nil, previous_keys: []) ⇒ EncryptedConfiguration

Returns a new instance of EncryptedConfiguration.

# File 'lib/gitlab/encrypted_configuration.rb', line 32

def initialize(content_path: nil, base_key: nil, previous_keys: [])
  @content_path = Pathname.new(content_path).yield_self { |path| path.symlink? ? path.realpath : path } if content_path
  @key = self.class.generate_key(base_key) if base_key
  @previous_keys = previous_keys
end

Instance Attribute Details

#content_path ⇒ Object (readonly)

Returns the value of attribute content_path.

# File 'lib/gitlab/encrypted_configuration.rb', line 7

def content_path
  @content_path
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/gitlab/encrypted_configuration.rb', line 7

def key
  @key
end

#previous_keys ⇒ Object (readonly)

Returns the value of attribute previous_keys.

# File 'lib/gitlab/encrypted_configuration.rb', line 7

def previous_keys
  @previous_keys
end

Class Method Details

.generate_key(base_key) ⇒ Object

# File 'lib/gitlab/encrypted_configuration.rb', line 24

def self.generate_key(base_key)
  # Because the salt is static, we want uniqueness to be coming from the base_key
  # Error if the base_key is empty or suspiciously short
  raise 'Base key too small' if base_key.blank? || base_key.length < 16

  ActiveSupport::KeyGenerator.new(base_key).generate_key(SALT, ActiveSupport::MessageEncryptor.key_len(CIPHER))
end

Instance Method Details

#active? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/encrypted_configuration.rb', line 38

def active?
  content_path&.exist?
end

#change(&block) ⇒ Object

# File 'lib/gitlab/encrypted_configuration.rb', line 73

def change(&block)
  writing(read, &block)
end

#config ⇒ Object

Raises:

• (InvalidConfigError)

# File 'lib/gitlab/encrypted_configuration.rb', line 63

def config
  return @config if @config

  contents = deserialize(read)

  raise InvalidConfigError unless contents.is_a?(Hash)

  @config = contents.deep_symbolize_keys
end

#read ⇒ Object

# File 'lib/gitlab/encrypted_configuration.rb', line 42

def read
  if active?
    decrypt(content_path.binread)
  else
    ""
  end
end

#write(contents) ⇒ Object

# File 'lib/gitlab/encrypted_configuration.rb', line 50

def write(contents)
  # ensure contents are valid to deserialize before write
  deserialize(contents)

  temp_file = Tempfile.new(File.basename(content_path), File.dirname(content_path))
  File.open(temp_file.path, 'wb') do |file|
    file.write(encrypt(contents))
  end
  FileUtils.mv(temp_file.path, content_path)
ensure
  temp_file&.unlink
end