gitlab-org--gitlab-foss/app
Sean McGivern 405379bbfc Store OTP secret key in secrets.yml
.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.
2016-08-03 15:46:37 +01:00
assets Merge branch 'fix-filter-input-alignment' into 'master' 2016-08-03 09:50:03 +00:00
controllers Merge branch 'rs-external-issue-tracker-redirect' into 'master' 2016-08-02 23:22:30 +00:00
finders State specific default sort order for issuables 2016-08-01 11:28:56 +02:00
helpers Merge branch 'rs-external-issue-tracker-redirect' into 'master' 2016-08-02 23:22:30 +00:00
mailers Allow build email service to be tested 2016-07-15 20:38:27 -03:00
models Store OTP secret key in secrets.yml 2016-08-03 15:46:37 +01:00
services webhooks: include old revision in MR update events 2016-08-01 11:20:07 -04:00
uploaders Remove magic comments from Ruby files (!5456) 2016-07-24 07:08:45 +02:00
validators refactor url validator to use sanitizer for check 2016-07-01 09:02:45 +02:00
views Merge branch 'rs-external-issue-tracker-redirect' into 'master' 2016-08-02 23:22:30 +00:00
workers Merge remote-tracking branch 'upstream/master' into new-issue-by-email 2016-07-27 18:11:50 +08:00