Skip to content

user_external_accounts: Encrypt account data along with auth data, and handle null values correctly. also update the oob migration runner to use the db handle passed to it

Warren Gifford requested to merge encrypt-accountdata into main

Created by: arussellsaw

closes #20030 (closed)

When enabling encryption on dogfood i noticed that the oob migration wasn't making any progress, @tsenart and i spent some time debugging & found out a few things:

  • we were de-nulling values in auth data
  • we weren't encrypting account data, for openid connect (like google) we never store account data, only auth data, so we never encrypted anything for those rows, but we should be as there was sensitive info in the account data field.
  • the oob migrator wasn't using a database dependency passed to it

Merge request reports

Loading