Encryption is a process in which data is encoded so that it remains hidden from or inaccessible to unauthorized users. It helps protect data that you don't want anyone else to have access to. By encrypting our data at rest and in transit, we can better protect private, proprietary and sensitive data and can enhance the security of communication between client applications and servers.
This control is applicable to the production environment and any end user devices that store such data. The production environment includes all endpoints and cloud assets used in hosting GitLab.com and its subdomains. This may also include third-party systems that support the business of GitLab.com.
Data at rest is defined as data that is physically stored and not actively moving from one location to another (i.e., device to device or network to network). This includes data stored on laptops, flash drives and hard drives.
GitLab encrypts data at rest using a variety of tools including:
Data in transit is defined as data that is actively moving from one location to another (i.e., device to device or network to network). This includes data transferred over public networks such as the internet.
GitLab encrypts data in transit using a variety of tools including:
Please don’t roll your own crypto. If you really think you have a situation where it makes sense to do this, please don’t. If you really really think this is a good idea, it is still not, and please don’t. If you’re absolutely sure you have an edge case where this makes sense, please engage with the GitLab security team first so they can work with you on finding an alternative.
Exceptions to this policy require filling out an exception request.