gitea

mirror of https://github.com/go-gitea/gitea synced 2024-11-16 23:24:25 +00:00

History

zeripath 544ef7d394 Encrypt migration credentials at rest (#15895 ) (#16187 ) Backport #15895 Storing these credentials is a liability. * Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue) - security in depth: helps when attacker has access to DB only, but not app.ini * Delete all credentials (even encrypted) from the task table, once the migration is done, for safety - security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini	2021-06-17 22:59:28 +02:00
..
migrate.go	Migrations: Use Process Manager to create own Context (#13792 )	2020-12-02 18:36:06 +00:00
task.go	Encrypt migration credentials at rest (#15895 ) (#16187 )	2021-06-17 22:59:28 +02:00

Encrypt migration credentials at rest (#15895 ) (#16187 )

Backport #15895

Storing these credentials is a liability.

* Encrypt credentials with SECRET_KEY before persisting to task queue table (they need to be persisted due to the nature of the task queue)
  - security in depth: helps when attacker has access to DB only, but not app.ini
* Delete all credentials (even encrypted) from the task table, once the migration is done, for safety
  - security in depth: minimizes leaked data if attacker gains access to snapshot of both DB and app.ini

2021-06-17 22:59:28 +02:00

migrate.go

Migrations: Use Process Manager to create own Context (#13792 )

2020-12-02 18:36:06 +00:00

task.go

Encrypt migration credentials at rest (#15895 ) (#16187 )

2021-06-17 22:59:28 +02:00