►
Description
Distribution Team Member Demo on the addition of encrypted configuration options to mailroom
A
A
Welcome
to
the
distribution
team
demo
for
February
23rd
2023.
A
I'm,
going
to
be
talking
a
little
bit
about
encrypted
configuration
today
and
just
on
a
programming
note.
I
was
talking
to
DJ
a
little
bit
before
we
started.
The
recording
I
have
really
limited
outbound
bandwidth,
and
this
is
my
first
attempt
at
doing
a
zoom
recording
and
doing
a
screen
share
and
I.
Don't
really
know
how
well
that's
going
to
come
across
if
it
doesn't,
then
I'll
go
back,
watch
the
recording
and
then
do
a
re-recording
of
this
demo.
But
so
this
is
sort
of
a
trial
run
for
that.
A
If,
if
we
need
to
do
that,
I
do
have
a
set
of
notes
in
our
distribution
demo
team
notes
with
some
URLs
that
will
also
help
to
browse
as
I'm
going
along
and
I'm
just
going
to
load
those
URLs
in
a
browser
and
use
that
to
share
the
screen
and
kind
of
anchor
our
attention
to
that.
A
All
right
so
I
should
be
sharing
my
browser
window
now
and
we'll
get
started.
I'm
also
very
aware
that
there
are
two
meetings
at
11,
A.M,
eastern
Time
or
or
I
guess:
that's
4,
P.M
UTC,
both
George
first
CTO
office
hours
and
our
enablement
performance
indicators,
so
I'm
going
to
try
my
best
to
help
for
11
A.M
eastern
time
this
morning
and
just
kind
of
go
through
this
quickly.
A
So
I'm
sharing
the
initial
Mr
and
in
the
notes,
just
a
little
bit
of
background
about
this.
What
we're
talking
about
this
morning
for
encrypted
secrets
in
137
DJ,
put
together
an
MR
that
makes
use
of
the
the
added
and
encryption
encrypted
configuration
class
to
the
rails,
app
that
makes
use
of
reading
and
writing
to
an
encrypted
file,
using
the
active
support,
libraries
that
to
do
encryption
that
are
built
into
also
for
rails
secrets
and
that
Library
ends
up
using
a
key
generator
function
that
just
Builds
on
top
of
openssl.
A
So
the
DJ's
work
added
that
to
the
core
of
our
at
least
our
rails.
Application
made
it
available
and
the
core
settings
switch
over
to
the
to
the
tab,
where
you
can
call
it
a
settings.encrypted
for
a
given
path,
a
file
name
for
an
a
set
of
encrypted,
Secrets
or
or
an
empty
file
that
it
can
create
and
write
to
and
we'll
return
that
encrypted
configuration
and
that
encrypted
configuration
class
has
some
useful
routines
for
writing.
A
Reading
returning
the
encrypted
contest,
the
decrypted
contents
and
just
pulling
that
information
back
out
and
that
that
same
library
was
initially
used
for
ldap
credentials
for
for
encrypting
the
the
ldap
credentials
and
leaving
that
out
of
the
gitlab.rb
in
13.7
and
then
really
was
used
again
for
the
SMTP
credentials
that
I
want
to
and
I've
got
both
of
those
that
the
merge
request
for
the
encrypted
SMTP
credentials
for
the
gitlab
project,
as
as
well
as
the
the
Omnibus
side.
Mr
for
this
and
forwarding
that
too
I've
got
those
Linked
In.
A
The
demo
notes
as
well,
and
and
really
that
that
so
there's
core
support
for
reading
and
writing
and
encrypted
and
encrypted
by
using
the
open,
SSL
routines
and
a
set
of
rate
tasks
for
editing
the
file
for
showing
the
contents
of
the
file
and
for
piping
from
a
third
party
or
an
existing
file,
or
a
set
of
a
set
of
parameters
that
you
want
to
use
and
piping
that
through
a
right
action.
A
That
would
end
up
writing
the
encrypted
file
and
all
of
that
really
and
I'm
gonna
think
so
as
I'm.
A
little
nervous
for
the
first
time
here
that
that
overarching
epic
is
is
part
of
an
epic
Creator
back
in
2020
for
managing
for
doing
a
a
secure
solution
for
managing
Omnibus
configuration
secrets
and
the
a
the
sub
epic.
That's
part
of
that
is
the
actual
passwords.
A
This
is
where
we've
identified
the
ones
that
we
can
and
can't,
or
the
ones
that
will
make
sense
encrypting
in
the
main
rails,
app
or
just
things
that
have
to
be
managed
outside
that
application
itself,
and
so
ldap
SMTP,
the
incoming
email
and
service
desk
email
for
for
rails,
for
that's
used
by
mailroom,
the
DB
password
the
red
is
password
and
then
there's
an
add-on
here
that
I
didn't
get
to
the
mic.
A
Microsoft
graph
part
as
part
of
the
incoming
email
password
so
before
I
go
into
I've
talked
a
little
fast
as
I
mentioned,
but
before
I
go
into
kind
of
where
I
began
approaching
this
and
began
working
on.
Are
there
any
questions
so
far
about
about
DJ's
work
in
13
7
or
what
we
did?
You
know
extending
that
as
you
look
at
those
those
Mrs
how
we
extended
that
at
first
to
the
ldap
configuration
or
the
SMD
SMTP
configuration.
A
Cool
they're
hearing
none
I'll
get
forward,
so
I
picked
up
as
part
of
extending
this
to
the
incoming
email
configuration
and
the
service
desk
email
configuration
and
I
I
really
sort
of
drug
my
feet
for
a
little
while
on
this.
This
is
the
first
time
that
I
had
actually
used
our
GDK
to
submit
a
merge
request
and
part
of
that
is.
A
Was
the
there
was
part
of
a
kind
of
a
startup
procedure
for
learning
how
we
do
things
a
little
bit
differently
because
of
the
size
and
the
number
of
developers
that
are
coming
at
the
the
rails,
application
itself
than
we
do
in
Omnibus,
in
our
charts
and
in
our
projects,
our
smaller
projects,
and
so
you
know,
there's
a
lot
of
activity.
There's
there's
a
little
bit
the
test
framework
in
the
test.
Suite
is
the
same,
but
it's
a
little
structured
a
little
differently.
A
Some
of
the
examples
are
a
little
different
and
so
I
I
spent
a
fair
amount
of
time
kind
of
just
digging
in
and
trying
to
understand,
trying
to
understand
how
the
GDK
was
put
together
and
so
I.
Finally,
you
know
began
working
on
this
and,
as
a
straightforward
I'm,
showing
the
Mr
on
the
screen
at
first
I'm
thinking
hey.
A
This
is
just
gonna,
be
you
know,
I'm
gonna,
a
sort
of
copy
paste
and
understand
the
what
what
DG
had
done
before
with
the
SMTP
and
the
ldap
secrets,
I'm
going
to
extend
and
copy
that
routine
to
using
this
to
to
create
a
rate
task
for
the
incoming
email
and
service
desk
email
write
these
encrypted
files
out,
read
it
back
in
and
and
I
I
get
an
implementation
in
place,
and
then
it's
really
not
working
I'm
like
whoa
I.
You
know
what
what
didn't?
What
am
I
missing?
A
What
am
I
missing,
and
one
of
the
lessons
for
me
is
I,
didn't
really
understand
at
the
time
or
didn't
go
back
and
look
at
the
time
for
how
we
go
about
parsing
and
loading.
The
mailroom
configuration
file
and
I
just
want
to
kind
of
switch
to.
This
is
the
the
mailroom.yml
that
is
in
the
core
rails
app
and
what
so
so,
the
male
the
mail
room
configuration
file
that
we
ship
is
part
of
the
Rails
app
by
how
we
execute
mail
room,
which
is
a
separate
ruby.
A
Gem
entirely
is
outside
of
the
Rails
framework
itself.
So
in
Omnibus,
we've
got
a
running
net
configuration
that
loads
this
that
that
loads,
the
service
is
doing
a
essentially
a
bug
back
as
the
GDK
does,
but
it's
doing
about
no
exact
on
on
the
the
or
it's
actually
loading,
the
rails,
environment,
the
gym
environment,
local
to
the
machine
and
executing
mail
room
and
mail
room
itself.
The
gym
doesn't
will
read
an
Erb
configuration
of
this
mailroom.yml
file
which
in
turn
loads
a
library
out
of
the
Rails
app.
A
That
file-
and
let
me
go
back
to
sorry,
go
back
to
my
diff
of
this
change
and
so
I'm
going
to
scroll
down
to
that
Library-
and
you
can
see
my
diff
here,
but
but
at
the
time
that
it's
loading,
the
initial
implementation,
it
it
that
library
is
just
loading
yaml,
it's
just
loading
Json,
it's
just
loading
a
path
name
and
the
redis
cues
Library,
that's
part
of
the
Rails
out.
A
So
this
initial
implementation
of
the
encrypted
settings
was
built
into
the
core
rails
app
settings
class,
but
this
mailroom
Library
doesn't
load
that
settings
class
at
all
whatsoever
and
so
Mail
Room
reading
the
Erb
loads.
This
one
class,
it's
kind
of
it's
in
the
rails
app
but
does
has
really
nothing
else
to
do
with
the
rails,
app
itself
other
than
this
add-on
of
the
redis,
cues
library
and
so
settings
is
not
available.
A
The
settings
the
settings
Library
itself,
if
as
I
scroll
back
up
to
the
top
of
this,
actually
has
one
call
to
to
the
rails
class,
that's
in
the
core
rails,
app
just
to
pull
that
the
rails
and
or
default
back
to
the
the
rails
environment
depending
on.
A
If
there's
not
a
an
EnV
set
in
the
environment
and
our
variable
applicant
be
in
the
environment,
and
so
so
none
of
this
encrypted
configuration
was
available
to
that
class
and
to
load
it
otherwise
would
have
required.
Loading
settings
would
have
required
loading
all
of
rails.
Just
for
that,
one
rails.env
call
and
everything
that
it
pulls
in,
and
so
I
really
had
to
kind
of
go
back
and
figure
out.
What
can
I
just
do.
A
I
do
I
reproduce
the
encrypted
configuration
class
to
I,
put
all
of
this
in
Omnibus
itself,
or
do
I
leave
this
in
the
rails
app
and
try
to
load
this
in
a
in
a
minimal
way,
and
so
that's
what
I
did
is
that
the
the
initial
encrypted
configuration
class
needs
a
couple
of
routines
out
of
active
support,
and
that
is
what
active
support
has
lets.
You
break
down
the
different
components
in
it
when
you're
requiring
it,
and
so
you
don't
need
all
of
everything
that
active
support
would
necessarily
include.
A
So
here
we
can
get
away
with
just
loading.
The
core
act:
support
Library
loading.
We
end
up
needing
there's
a
there's,
a
call
on
one
of
those
routines
that
needs
this
delegation
module,
so
I'm
loading
active
support
that
delegation
module
and
then
our
own
encrypted
configuration
class
and
that
lets
lets
us
get
at
those
routines.
But
at
the
same
time,
we've
got
to
read
logic
in
here
to
reproduce
some
of
loading
settings
the
the
core
rail
settings
itself,
because
we
need
the
encryption
key
that
that
is
in
gitlabsecrets.json.
A
That
gets
loaded
in
that
that
is
used
for
these
files
is
used
for
the
rake
tasks.
That's
used
in
the
rails
app
itself.
So
this
this
Library
ends
up
having
to
reproduce
and
copy
some
of
the
same
logic
from
the
the
settings
library
and
for
reading
in
the
core
rail
settings
and
the
core
rail
secrets,
and-
and
that
was
really
the
complexity
that
that
was
involved
here
and-
and
we
sort
of
addressed.
This
DJ
actually
addressed
this
in
commentary
during
the
review
that
I'll
point
out
and
I'll
make
sure
this.
A
This
link
is
directly
in
the
notes
about
why
your
thoughts
about
the
change
and
where
we
go
forward
as
we're
taking
a
look
at
the
the
DB
password
and
the.
A
I'm
sorry
and
the
redis
password-
and
that's
really,
that
is
the
the
brain
dump
of
this
encrypted
settings,
Library.
What
what
was
involved
a
little
bit
and
and
reading
this
in
mailroom
questions
that
I
learned
about
one
more
Edition
that
I
want
to
put
in,
as,
as
I
submit
this
this
Mr
and
picking
Charlie
Ableton.
To
take
a
look
at
because
I
know
they
had
spent
a
fair
amount
of
time
in
the
Mailroom
configuration
recently
back
in
November.
A
They
had
actually
identified
this
very
same
thing
that
I
ran
into
and
then
just
went
full
board
trying
to
to
work
around
as
an
issue
for
the
rails,
app
itself
about
loading,
what's
involved
in
loading,
the
mailroom
yml
and
that's
something
that
I
probably
should
have
done
some
background
and
looked
at
the
issues
beforehand,
because
it
wouldn't
have
caught
me
by
surprise.
A
If
I
had
known
some
of
the
issues
or
if
I
looked
for
some
of
the
issues
around
mailroom
and
what's
going
on
and
some
of
the
open
items
for
for
how
we
interact
with
the
The
Mailroom
gym.
A
One
thing
I
want
to
mention,
isn't
as
much
to
to
talk
about
it
today,
but
one
of
the
things
involved
in
this
is
this:
will
post
some
usage
data
to
our
sisense
data,
about
the
use
of?
If,
if
anybody
configures
this
and
sets
their
configuration
and
writes
out
and
encrypted
username
and
password
for
their
incoming
email
on
configuration,
is
active
in
that
presence
and
for
the
for
this
Mr.
A
The
presence
of
that
file
that
encrypted
file
and
those
credentials
in
that
file
are
an
indication
that
it's
active,
that
it
will
just
pass.
A
True
Value
along
as
part
of
the
usage
data
that
a
customer
or
a
gitlab
platform
user
is
using
this
feature
within
the
application
and
I.
Don't
actually
have
I'm,
not
sure
that
I.
Actually,
we
have
access
to
science
on
an
individual
level,
so
I've
never
actually
seen
this
data
in
sizeense
and
the
number
of
people
that
are
using
some
of
these
encrypted
features.
A
But
it's
something
useful
to
track
and
it's
well.
We
started
tracking
it
with
ldap
and
we
started
tracking
it
with
SMTP,
and
so
this
added
tracking
also
for
the
incoming
email.
But
we've
changed.
How
the
usage
data
works,
and
there
are
now
subclasses
that
are
necessary,
I'll
look
at
the
changes
for
for
doing
a
oh,
that's
the
spec.
A
Let's
do
instrumentation
classes
that
that
you
have
to
put
in
place
for
each
individual,
instrumented
metric
and
so
I
just
want
to
mention
that
in
passing
sort
of
at
the
end
of
of
this
I
I
won't
go
too
much
into
the
details
of
of
that
implementation.
A
In
some
ways,
I
I
just
tested
it
by
making
sure
that
this
was
being
sent
to
the
to
the
gilab
versions,
application
that
that
our
tracking
was
there
that
that
this
this
this
metric
was
present,
but
in
terms
of
how
it
gets
read
back
out
and
used.
A
I
actually
haven't
I
I
I
didn't
dive
into
the
details
there,
but
I'll
provide
some
links
to
to
how
this
has
changed
over
and
since
since
initial
implementation,
and
that
in
in
using
these
instrumentation
classes-
and
that
was
in
my
brain
dumb-
that
was
pretty
rambly.
But
if
there
are
any
questions
or
comments
or
comments
on
the
the
recording
itself,
if,
if
the
screen
sharing
worked
well
here,
just
let
me
know
otherwise.
A
That's
encrypted
secrets
and
how
we're
using
it
for
ldap,
SMTP
incoming
mail
and
how
we
might
be
able
to
use
this
for
the
the
database
password
and
the
the
redis
password
as
well.
A
Okay,
go
in
once
going
twice,
I
think
we're
good
to
go.
Thank
everyone
for
joining
this
morning
and
if
anything
comes
up
afterwards,
just
ping
me
or
let
me
know
or
put
questions
in
the
doc
and
and
we'll
get
that
worked
out
thanks.
Everyone.