Gusted 0c11e9a43a feat: use keying for task secrets (#9923) ... - Follow up of forgejo/forgejo!5041, forgejo/forgejo!6074, forgejo/forgejo!8692 - The `task` table contains three secrets: clone address (with credentials), auth password and auth token. These secrets are stored for migrating repositories (also the only usage of this table, although it allows for more usages). - Use `keying` to safely store these secrets and bound them to the table, column, row id and JSON field name. - The migration isn't spectacular but does closely follow what we learned in the previous two migrations: use a transaction and delete records when you can't decrypt them. We also learned about `db.Iterate` not being happy when updating records but it has since been fixed. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9923 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>		2025-11-03 13:42:32 +01:00
..
task.go	feat: use keying for task secrets (#9923)	2025-11-03 13:42:32 +01:00