2020-12-10 21:10:15 +00:00
---
2022-05-30 00:08:35 +00:00
stage: Systems
2020-12-10 21:10:15 +00:00
group: Distribution
2022-09-22 00:11:23 +00:00
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments"
2020-12-10 21:10:15 +00:00
type: reference
---
2021-01-28 06:08:59 +00:00
# Encrypted Configuration **(FREE SELF)**
2020-12-10 21:10:15 +00:00
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45712) in GitLab 13.7.
GitLab can read settings for certain features from encrypted settings files. The supported features are:
2022-05-16 06:08:30 +00:00
- [LDAP `bind_dn` and `password` ](auth/ldap/index.md#use-encrypted-credentials ).
2021-09-08 21:10:58 +00:00
- [SMTP `user_name` and `password` ](raketasks/smtp.md#secrets ).
2020-12-10 21:10:15 +00:00
2022-06-29 21:09:23 +00:00
To enable the encrypted configuration settings, a new base key must be generated for
2020-12-10 21:10:15 +00:00
`encrypted_settings_key_base` . The secret can be generated in the following ways:
**Omnibus Installation**
2022-06-29 21:09:23 +00:00
Starting with 13.7 the new secret is automatically generated for you, but you must ensure your
2020-12-10 21:10:15 +00:00
`/etc/gitlab/gitlab-secrets.json` contains the same values on all nodes.
**GitLab Cloud Native Helm Chart**
Starting with GitLab 13.7, the new secret is automatically generated if you have the `shared-secrets` chart enabled. Otherwise, you need
to follow the [secrets guide for adding the secret ](https://docs.gitlab.com/charts/installation/secrets.html#gitlab-rails-secret ).
**Source Installation**
The new secret can be generated by running:
```shell
bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=true
```
2021-09-08 21:10:58 +00:00
This prints general information on the GitLab instance, but also causes the key to be generated in `<path-to-gitlab-rails>/config/secrets.yml` .
