Where full disk encryption is used, logical access must be managed independently of operating system authentication; decryption keys must not be associated with user accounts.
Separating user accounts from decryption keys decreases the likelihood that an attacker with possession or control of a GitLab system can access any data contained on that system.
Full disc encryption is not applicable to the GitLab environment as we do not process credit card numbers.
Encryption is covered by the following controls:
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Full Disk Encryption issue .