diff --git a/app/models/user.rb b/app/models/user.rb
index 5e84d2da805..f5eeba27572 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -59,6 +59,8 @@ class User < ActiveRecord::Base
   # Override Devise::Models::Trackable#update_tracked_fields!
   # to limit database writes to at most once every hour
   def update_tracked_fields!(request)
+    return if Gitlab::Database.read_only?
+
     update_tracked_fields(request)
 
     lease = Gitlab::ExclusiveLease.new("user_update_tracked_fields:#{id}", timeout: 1.hour.to_i)
diff --git a/changelogs/unreleased/sh-guard-read-only-user-updates.yml b/changelogs/unreleased/sh-guard-read-only-user-updates.yml
new file mode 100644
index 00000000000..b8dbd840ed9
--- /dev/null
+++ b/changelogs/unreleased/sh-guard-read-only-user-updates.yml
@@ -0,0 +1,5 @@
+---
+title: Don't attempt to update user tracked fields if database is in read-only
+merge_request:
+author:
+type: fixed
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 1815696a8a0..3531de244bd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -496,6 +496,14 @@ describe User do
         user2.update_tracked_fields!(request)
       end.to change { user2.reload.current_sign_in_at }
     end
+
+    it 'does not write if the DB is in read-only mode' do
+      expect(Gitlab::Database).to receive(:read_only?).and_return(true)
+
+      expect do
+        user.update_tracked_fields!(request)
+      end.not_to change { user.reload.current_sign_in_at }
+    end
   end
 
   shared_context 'user keys' do