Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42

4 files changed, 109 insertions, 4 deletions

diff --git a/doc/administration/raketasks/check.md b/doc/administration/raketasks/check.md
index bcc2f838565..56bf711f187 100644
--- a/doc/administration/raketasks/check.md
+++ b/doc/administration/raketasks/check.md
@@ -21,7 +21,7 @@ There are 3 things that are checked to determine integrity.
 1. Check for `config.lock` in the repository directory.
 1. Check for any branch/references lock files in `refs/heads`.
 
-It's important to note that the existence of `config.lock` or reference locks
+The existence of `config.lock` or reference locks
 alone do not necessarily indicate a problem. Lock files are routinely created
 and removed as Git and GitLab perform operations on the repository. They serve
 to prevent data integrity issues. However, if a Git operation is interrupted these
diff --git a/doc/administration/raketasks/doctor.md b/doc/administration/raketasks/doctor.md
index ec3f7835b9c..02d1557b6a4 100644
--- a/doc/administration/raketasks/doctor.md
+++ b/doc/administration/raketasks/doctor.md
@@ -70,6 +70,7 @@ bundle exec rake gitlab:doctor:secrets RAILS_ENV=production VERBOSE=1
 **Example verbose output**
 
 <!-- vale gitlab.SentenceSpacing = NO -->
+
 ```plaintext
 I, [2020-06-11T17:17:54.951815 #27148]  INFO -- : Checking encrypted values in the database
 I, [2020-06-11T17:18:12.677708 #27148]  INFO -- : - ApplicationSetting failures: 0
@@ -83,4 +84,5 @@ I, [2020-06-11T17:18:15.575533 #27148]  INFO -- : - ScimOauthAccessToken failure
 I, [2020-06-11T17:18:15.575678 #27148]  INFO -- : Total: 1 row(s) affected
 I, [2020-06-11T17:18:15.575711 #27148]  INFO -- : Done!
 ```
+
 <!-- vale gitlab.SentenceSpacing = YES -->
diff --git a/doc/administration/raketasks/smtp.md b/doc/administration/raketasks/smtp.md
new file mode 100644
index 00000000000..c738f1dcd00
--- /dev/null
+++ b/doc/administration/raketasks/smtp.md
@@ -0,0 +1,103 @@
+---
+stage: Enablement
+group: Distribution
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# SMTP Rake tasks **(FREE SELF)**
+
+[Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67802) in GitLab 14.2.
+
+The following are SMTP-related Rake tasks.
+
+## Secrets
+
+GitLab can use SMTP configuration secrets to read from an encrypted file. The following Rake tasks are provided for updating the contents of the encrypted file.
+
+### Show secret
+
+Show the contents of the current SMTP secrets.
+
+**Omnibus Installation**
+
+```shell
+sudo gitlab-rake gitlab:smtp:secret:show
+```
+
+**Source Installation**
+
+```shell
+bundle exec rake gitlab:smtp:secret:show RAILS_ENV=production
+```
+
+**Example output:**
+
+```plaintext
+password: '123'
+user_name: 'gitlab-inst'
+```
+
+### Edit secret
+
+Opens the secret contents in your editor, and writes the resulting content to the encrypted secret file when you exit.
+
+**Omnibus Installation**
+
+```shell
+sudo gitlab-rake gitlab:smtp:secret:edit EDITOR=vim
+```
+
+**Source Installation**
+
+```shell
+bundle exec rake gitlab:smtp:secret:edit RAILS_ENV=production EDITOR=vim
+```
+
+### Write raw secret
+
+Write new secret content by providing it on STDIN.
+
+**Omnibus Installation**
+
+```shell
+echo -e "password: '123'" | sudo gitlab-rake gitlab:smtp:secret:write
+```
+
+**Source Installation**
+
+```shell
+echo -e "password: '123'" | bundle exec rake gitlab:smtp:secret:write RAILS_ENV=production
+```
+
+### Secrets examples
+
+**Editor example**
+
+The write task can be used in cases where the edit command does not work with your editor:
+
+```shell
+# Write the existing secret to a plaintext file
+sudo gitlab-rake gitlab:smtp:secret:show > smtp.yaml
+# Edit the smtp file in your editor
+...
+# Re-encrypt the file
+cat smtp.yaml | sudo gitlab-rake gitlab:smtp:secret:write
+# Remove the plaintext file
+rm smtp.yaml
+```
+
+**KMS integration example**
+
+It can also be used as a receiving application for content encrypted with a KMS:
+
+```shell
+gcloud kms decrypt --key my-key --keyring my-test-kms --plaintext-file=- --ciphertext-file=my-file --location=us-west1 | sudo gitlab-rake gitlab:smtp:secret:write
+```
+
+**Google Cloud secret integration example**
+
+It can also be used as a receiving application for secrets out of Google Cloud:
+
+```shell
+gcloud secrets versions access latest --secret="my-test-secret" > $1 | sudo gitlab-rake gitlab:smtp:secret:write
+```
diff --git a/doc/administration/raketasks/uploads/migrate.md b/doc/administration/raketasks/uploads/migrate.md
index ab0a51ba8d6..0628e351b63 100644
--- a/doc/administration/raketasks/uploads/migrate.md
+++ b/doc/administration/raketasks/uploads/migrate.md
@@ -133,9 +133,9 @@ migrate your data out of object storage and back into your local storage.
 
 WARNING:
 **Extended downtime is required** so no new files are created in object storage during
-the migration. A configuration setting is planned to allow migrating
-from object storage to local files with only a brief moment of downtime for configuration changes.
-To follow progress, see the [relevant issue](https://gitlab.com/gitlab-org/gitlab/-/issues/30979).
+the migration. A configuration setting to allow migrating
+from object storage to local files with only a brief moment of downtime for configuration changes
+is tracked [in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/30979).
 
 ### All-in-one Rake task