Merge branch '53659-use-padded-key-for-gcm-ciphers' into 'master'

Use a 32-byte version of db_key_base for web hooks

Closes #53659

See merge request gitlab-org/gitlab-ce!23573

app/models/hooks/web_hook.rb

@@ -6,12 +6,12 @@ class WebHook < ActiveRecord::Base
   attr_encrypted :token,
                  mode:      :per_attribute_iv,
                  algorithm: 'aes-256-gcm',
-                 key:       Settings.attr_encrypted_db_key_base_truncated
+                 key:       Settings.attr_encrypted_db_key_base_32
 
   attr_encrypted :url,
                  mode:      :per_attribute_iv,
                  algorithm: 'aes-256-gcm',
-                 key:       Settings.attr_encrypted_db_key_base_truncated
+                 key:       Settings.attr_encrypted_db_key_base_32
 
   has_many :web_hook_logs, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
 

changelogs/unreleased/53659-use-padded-key-for-gcm-ciphers.yml

+---
+title: Fix web hook functionality when the database encryption key is too short
+merge_request: 23573
+author:
+type: fixed

lib/gitlab/background_migration/models/encrypt_columns/web_hook.rb

@@ -15,12 +15,12 @@ module Gitlab
           attr_encrypted :token,
                          mode:      :per_attribute_iv,
                          algorithm: 'aes-256-gcm',
-                         key:       ::Settings.attr_encrypted_db_key_base_truncated
+                         key:       ::Settings.attr_encrypted_db_key_base_32
 
           attr_encrypted :url,
                          mode:      :per_attribute_iv,
                          algorithm: 'aes-256-gcm',
-                         key:       ::Settings.attr_encrypted_db_key_base_truncated
+                         key:       ::Settings.attr_encrypted_db_key_base_32
         end
       end
     end