Default enable hash_oauth_secrets (!109195) · Merge requests · GitLab.org / GitLab

Aboobacker MK requested to merge tachyons/default_enable_hash_oauth_secrets into master Jan 18, 2023

What does this MR do and why?

We've been using hashed OAuth Tokens on GitLab.com for a day without any issues. It has been enabled in staging without any issues for 3 months. This will default-enable the flag for all self-managed instances, as well. After enabling this flag, users will lose the ability to copy application secrets other than immediately after creating the application. Inn the event anything goes wrong, self-managed customers can disable the flag by running Feature.disable(:hash_oauth_secrets) in the Rails console.

Enable the feature flag hashed_oauth_secrets by default

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jan 18, 2023 by Aboobacker MK

Default enable hash_oauth_secrets

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports