Encrypted Configuration
Tier: Free, Premium, Ultimate
Offering: Self-managed
GitLab can read settings for certain features from encrypted settings files. The supported features are:
-
Incoming email
user
andpassword
. -
LDAP
bind_dn
andpassword
. -
Service Desk email
user
andpassword
. -
SMTP
user_name
andpassword
.
To enable the encrypted configuration settings, a new base key must be generated for
encrypted_settings_key_base
. The secret can be generated in the following ways:
- For Linux package installations, the new secret is automatically generated for you, but you must ensure your
/etc/gitlab/gitlab-secrets.json
contains the same values on all nodes. - For Helm chart installations, the new secret is automatically generated if you have the
shared-secrets
chart enabled. Otherwise, you need to follow the secrets guide for adding the secret. -
For self-compiled installations, the new secret can be generated by running:
bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=true
This prints general information on the GitLab instance and generates the key in
<path-to-gitlab-rails>/config/secrets.yml
.