Encrypted Configuration
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
GitLab can read settings for certain features from encrypted settings files. The supported features are:
- Incoming email
user
andpassword
. - LDAP
bind_dn
andpassword
. - Service Desk email
user
andpassword
. - SMTP
user_name
andpassword
.
To enable the encrypted configuration settings, a new base key must be generated for
encrypted_settings_key_base
. The secret can be generated in the following ways:
For Linux package installations, the new secret is automatically generated for you, but you must ensure your
/etc/gitlab/gitlab-secrets.json
contains the same values on all nodes.For Helm chart installations, the new secret is automatically generated if you have the
shared-secrets
chart enabled. Otherwise, you need to follow the secrets guide for adding the secret.For self-compiled installations, the new secret can be generated by running:
bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=true
This prints general information on the GitLab instance and generates the key in
<path-to-gitlab-rails>/config/secrets.yml
.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support