1.6 KiB
stage | group | info | type |
---|---|---|---|
Systems | Distribution | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments | reference |
Encrypted Configuration (FREE SELF)
Introduced in GitLab 13.7.
GitLab can read settings for certain features from encrypted settings files. The supported features are:
To enable the encrypted configuration settings, a new base key must be generated for
encrypted_settings_key_base
. The secret can be generated in the following ways:
Omnibus Installation
Starting with 13.7 the new secret is automatically generated for you, but you must ensure your
/etc/gitlab/gitlab-secrets.json
contains the same values on all nodes.
GitLab Cloud Native Helm Chart
Starting with GitLab 13.7, the new secret is automatically generated if you have the shared-secrets
chart enabled. Otherwise, you need
to follow the secrets guide for adding the secret.
Source Installation
The new secret can be generated by running:
bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=true
This prints general information on the GitLab instance, but also causes the key to be generated in <path-to-gitlab-rails>/config/secrets.yml
.