authorKamil Trzcinski <ayufan@ayufan.eu>2015-07-15 14:53:29 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2015-07-15 14:57:01 +0200
commit0def90b9ca498cbf7c170ad6187f64bc164767e0 (patch)
tree5778967244a3f3cc3ca09f7be02c84ec3b954b0d
parent1b0c5d5f2aca1f6c1e3ff6a1fc3011463987ec3e (diff)
Create config/secrets.yml with 0600secrets-perm
-rw-r--r--config/initializers/secret_token.rb2
-rw-r--r--doc/install/installation.md4
-rw-r--r--doc/update/7.12-to-7.13.md1
3 files changed, 3 insertions, 4 deletions
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 7ebae44..32883cf 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -36,7 +36,7 @@ if GitlabCi::Application.secrets.secret_key_base.blank? || GitlabCi::Application
all_secrets[Rails.env] = env_secrets
# save secrets
- File.open('config/secrets.yml', 'w') do |file|
+ File.open('config/secrets.yml', 'w', 0600) do |file|
file.write(YAML.dump(all_secrets))
end
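Review bot: The `0600` passed to `File.open` on the added line only takes effect when `config/secrets.yml` is created by this call. If the file already exists (for example copied from `config/secrets.yml.example`, or written by an earlier version with the default mode), it is truncated and rewritten with its old, possibly group- or world-readable, permissions. Adding `file.chmod(0600)` as the first statement inside the block, before `file.write`, would tighten the mode in both cases before the secrets reach the disk. The enclosing `if` starts above the hunk, so whether other code paths write this file is not visible here.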
diff --git a/doc/install/installation.md b/doc/install/installation.md
index 9f476b6..8cbc858 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -121,6 +121,7 @@ We recommend PostgreSQL but you can also use MySQL
# Copy the example secrets file
sudo -u gitlab_ci -H cp config/secrets.yml.example config/secrets.yml
+ sudo -u gitlab_ci -H chmod 0600 config/secrets.yml
# Edit web server settings
sudo -u gitlab_ci -H cp config/unicorn.rb.example config/unicorn.rb
@@ -135,9 +136,6 @@ We recommend PostgreSQL but you can also use MySQL
# Change the permissions of the directory where build traces are stored
sudo chmod -R u+rwX builds/
- # Make sure GitLab CI can write to the builds/ directory
- sudo chmod -R u+rwX builds
-
### Install gems
# For MySQL (note, the option says "without ... postgres")
diff --git a/doc/update/7.12-to-7.13.md b/doc/update/7.12-to-7.13.md
index 7fc85f6..2877c29 100644
--- a/doc/update/7.12-to-7.13.md
+++ b/doc/update/7.12-to-7.13.md
@@ -37,6 +37,7 @@ otherwise your secrets are exposed if one of your backups is compromised.
```
sudo -u gitlab_ci -H cp config/secrets.yml.example config/secrets.yml
+sudo -u gitlab_ci -H chmod 0600 config/secrets.yml
```
### 5. Install libs, migrations etc