Merge branch 'jrreid-update-dast-profile' into 'master'

Add encryption details for DAST site profile fields See merge request gitlab-org/gitlab!78143

Merge branch 'jrreid-update-dast-profile' into 'master'
Add encryption details for DAST site profile fields See merge request gitlab-org/gitlab!78143
71940ecd · Russell Dickenson · 78333253 · 72ade875 · 71940ecd
Commit 71940ecd authored Jan 13, 2022 by Russell Dickenson
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

doc/user/application_security/dast/index.md doc/user/application_security/dast/index.md +3 -0

No files found.
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -1131,6 +1131,9 @@ A site profile contains the following:

 When an API site type is selected, a [host override](#host-override) is used to ensure the API being scanned is on the same host as the target. This is done to reduce the risk of running an active scan against the wrong API.

+When configured, request headers and password fields are encrypted using [`aes-256-gcm`](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) before being stored in the database.
+This data can only be read and decrypted with a valid secrets file.
+
 #### Site profile validation

 > - Site profile validation [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233020) in GitLab 13.8.