Commit graph

14 commits

Author SHA1 Message Date
GitLab Bot
c65a2b8a6c Add latest changes from gitlab-org/gitlab@master 2020-05-18 00:08:13 +00:00
GitLab Bot
886c682334 Add latest changes from gitlab-org/gitlab@master 2019-10-20 21:06:17 +00:00
Vladimir Shushlin
4687ff7c9b Store Let's Encrypt private key in settings
Storing this key in secrets.yml was a bad idea,
it would require users using HA setups to manually
replicate secrets across nodes during update,
it also needed support from omnibus package

* Revert "Generate Let's Encrypt private key"
  This reverts commit 444959bfa0.

* Add Let's Encrypt private key to settings
  as encrypted attribute

* Generate Let's Encrypt private key
  in database migration
2019-05-28 04:47:34 +00:00
Vladimir Shushlin
444959bfa0 Generate Let's Encrypt private key 2019-05-09 13:45:25 +00:00
Stan Hu
f93b2e02a5 Run rubocop -a on CE files 2019-05-05 03:24:28 -07:00
Takuya Noguchi
e902f462c2 Eliminate duplicated words
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
2018-11-22 01:01:23 +09:00
Stan Hu
b5c706326a Upgrade to Ruby 2.4.4
Fixes that make this work:

* A change in Ruby (ce635262f5)
requires passing in the exact required length for OpenSSL keys and IVs.

* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.
2018-05-29 15:19:33 -07:00
Markus Koller
26eadca48c
Upgrade doorkeeper-openid_connect 2017-09-20 17:38:33 +02:00
Rémy Coutable
ddccd24c13 Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-07-27 14:31:53 +02:00
Markus Koller
c498289048 Implement OpenID Connect identity provider 2017-03-07 14:54:35 +01:00
Adam Niedzielski
a8177e03e5 Introduce "stub_env" test helper for safely stubbing environment variables 2017-01-09 18:19:48 +01:00
Sean McGivern
90565b5f95 Give priority to environment variables
If an environment variable exists for secret_key_base, use that -
always. But don't save it to secrets.yml.

Also ensure that we never write to secrets.yml if there's a non-blank
value there.
2016-08-03 15:48:48 +01:00
Sean McGivern
379c2cbcbd Store all secret keys in secrets.yml
Move the last secret from .secret to config/secrets.yml, and delete
.secret if it exists.
2016-08-03 15:48:47 +01:00
Sean McGivern
405379bbfc Store OTP secret key in secrets.yml
.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.
2016-08-03 15:46:37 +01:00