b1aac0382c
Store OTP secret key in secrets.yml ## What does this MR do? Migrate the value of `.secret` to `config/secrets.yml` if present, so that `.secret` can be rotated without preventing all users with 2FA from logging in. (On a clean setup, generate different keys for each.) ## Are there points in the code the reviewer needs to double check? I'm not sure we actually need `.secret` at all after this, but it seems safer not to touch it. ## Why was this MR needed? We have some DB encryption keys in `config/secrets.yml`, and one in `.secret`. They should all be in the same place. ## What are the relevant issue numbers? #3963, which isn't closed until I make the relevant changes in Omnibus too. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - ~~API support added~~ - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !5274 |
||
---|---|---|
.. | ||
1_settings.rb | ||
2_app.rb | ||
4_ci_app.rb | ||
5_backend.rb | ||
6_validations.rb | ||
active_record_query_trace.rb | ||
attr_encrypted_no_db_connection.rb | ||
backtrace_silencers.rb | ||
bullet.rb | ||
carrierwave.rb | ||
chronic_duration.rb | ||
connection_fix.rb | ||
cookies_serializer.rb | ||
date_time_formats.rb | ||
default_url_options.rb | ||
devise.rb | ||
devise_password_length.rb.example | ||
disable_email_interceptor.rb | ||
doorkeeper.rb | ||
gitlab_shell_secret_token.rb | ||
go_get.rb | ||
gollum.rb | ||
hamlit.rb | ||
health_check.rb | ||
inflections.rb | ||
kaminari_config.rb | ||
metrics.rb | ||
mime_types.rb | ||
mysql_ignore_postgresql_options.rb | ||
omniauth.rb | ||
postgresql_limit_fix.rb | ||
postgresql_opclasses_support.rb | ||
premailer.rb | ||
public_key.rb | ||
rack_attack.rb.example | ||
rack_attack_git_basic_auth.rb | ||
rack_lineprof.rb | ||
relative_naming_ci_namespace.rb | ||
relative_url.rb.sample | ||
request_profiler.rb | ||
secret_token.rb | ||
sentry.rb | ||
session_store.rb | ||
sherlock.rb | ||
sidekiq.rb | ||
smtp_settings.rb.sample | ||
static_files.rb | ||
time_zone.rb | ||
trusted_proxies.rb | ||
wrap_parameters.rb |