diff options
Diffstat (limited to 'doc/administration/encrypted_configuration.md')
-rw-r--r-- | doc/administration/encrypted_configuration.md | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/doc/administration/encrypted_configuration.md b/doc/administration/encrypted_configuration.md new file mode 100644 index 00000000000..01a1cf66bdc --- /dev/null +++ b/doc/administration/encrypted_configuration.md @@ -0,0 +1,37 @@ +--- +stage: Enablement +group: Distribution +info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers" +type: reference +--- + +# Encrypted Configuration **(CORE ONLY)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45712) in GitLab 13.7. + +GitLab can read settings for certain features from encrypted settings files. The supported features are: + +- [LDAP `user_bn` and `password`](auth/ldap/index.md#using-encrypted-credentials) + +In order to enable the encrypted configuration settings, a new base key needs to be generated for +`encrypted_settings_key_base`. The secret can be generated in the following ways: + +**Omnibus Installation** + +Starting with 13.7 the new secret is automatically generated for you, but you will need to ensure your +`/etc/gitlab/gitlab-secrets.json` contains the same values on all nodes. + +**GitLab Cloud Native Helm Chart** + +Starting with GitLab 13.7, the new secret is automatically generated if you have the `shared-secrets` chart enabled. Otherwise, you need +to follow the [secrets guide for adding the secret](https://docs.gitlab.com/charts/installation/secrets.html#gitlab-rails-secret). + +**Source Installation** + +The new secret can be generated by running: + +```shell +bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=true +``` + +This will print general info on the GitLab instance, but will also cause the key to be generated in `<path-to-gitlab-rails>/config/secrets.yml` |