author | Sean McGivern <sean@gitlab.com> | 2016-07-15 13:19:29 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2016-08-03 15:46:37 +0100 |
commit | 405379bbfcb7821b3dae77e5254362f2d696bb7d (patch) | |
tree | ca84c70e92cb701694ac91d62879aa6d56490da7 /CHANGELOG | |
parent | 1ee1113696702919d2593839d09042c7e6391b89 (diff) | |
download | gitlab-ce-405379bbfcb7821b3dae77e5254362f2d696bb7d.tar.gz |

Store OTP secret key in secrets.yml

.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.

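
The key-separation step described in the commit message, as an added example that is not GitLab's code and not part of this commit: an existing token is copied once into `otp_key_base`, after which rotating `.secret` leaves the OTP key untouched. The helper name `ensure_otp_key_base`, the environment variable name `LEGACY_SECRET_TOKEN` and the per-environment `production` section are assumptions made for illustration.

```ruby
require 'yaml'
require 'securerandom'
require 'tmpdir'

# Hypothetical helper (not GitLab's initializer). Returns [key, source] where
# source is :kept, :migrated or :generated.
# LEGACY_SECRET_TOKEN is an assumed placeholder name for the environment variable.
def ensure_otp_key_base(secrets_path, legacy_path, env: ENV, rails_env: 'production')
  secrets = File.exist?(secrets_path) ? (YAML.load_file(secrets_path) || {}) : {}
  section = (secrets[rails_env] ||= {})

  # Once otp_key_base exists it is never overwritten, so .secret can rotate freely.
  existing = section['otp_key_base'].to_s
  return [existing, :kept] unless existing.empty?

  # Upgrade path: reuse the old shared token so stored OTP secrets still decrypt.
  legacy = env['LEGACY_SECRET_TOKEN'].to_s.strip
  legacy = File.read(legacy_path).strip if legacy.empty? && File.exist?(legacy_path)

  # Initial setup: no old token anywhere, so generate an independent key.
  key, source = legacy.empty? ? [SecureRandom.hex(64), :generated] : [legacy, :migrated]
  section['otp_key_base'] = key

  # Write to a temp file with owner-only permissions, then rename into place.
  tmp = "#{secrets_path}.tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(YAML.dump(secrets)) }
  File.chmod(0o600, tmp)
  File.rename(tmp, secrets_path)
  [key, source]
end

# Walk-through on constructed files in a temp directory.
def demo
  Dir.mktmpdir do |dir|
    secrets = File.join(dir, 'secrets.yml')
    legacy  = File.join(dir, '.secret')
    File.write(legacy, "constructed-legacy-token\n") # constructed sample value

    first  = ensure_otp_key_base(secrets, legacy, env: {})  # upgrade: migrate
    File.write(legacy, SecureRandom.hex(64))                # rotate .secret
    second = ensure_otp_key_base(secrets, legacy, env: {})  # OTP key unchanged
    fresh  = ensure_otp_key_base(File.join(dir, 'new.yml'), File.join(dir, 'absent'), env: {})
    { first: first, second: second, fresh: fresh, mode: File.stat(secrets).mode & 0o777 }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
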
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 472faa05b75..f61c4d78433 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -133,6 +133,7 @@ v 8.10.0 - Add API "deploy_keys" for admins to get all deploy keys - Allow to pull code with deploy key from public projects - Use limit parameter rather than hardcoded value in `ldap:check` rake task (Mike Ricketts) + - Store OTP secret key in secrets.yml with other DB encryption keys - Add Sidekiq queue duration to transaction metrics. - Add a new column `artifacts_size` to table `ci_builds`. !4964 - Let Workhorse serve format-patch diffs |
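Review bot: The added line "Store OTP secret key in secrets.yml with other DB encryption keys" has no merge request reference, while the `artifacts_size` entry two lines below it carries one (!4964); please append this change's reference so operators can find the details. The entry also gives no hint that it changes what must be preserved: per the commit message, secrets.yml now has to be retained past upgrades and .secret does not, and a reader of the CHANGELOG alone would not learn that losing secrets.yml invalidates stored OTP secrets. Consider extending the entry to say so, or pointing to the updated docs. Finally, the entry sits under v 8.10.0 while the committer date is 2016-08-03, so it is worth confirming this is still the section the change ships in.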