Encrypted Configuration
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
GitLab can read settings for certain features from encrypted settings files. The supported features are:
- Incoming email
userandpassword. - LDAP
bind_dnandpassword. - Service Desk email
userandpassword. - SMTP
user_nameandpassword.
To enable the encrypted configuration settings, a new base key must be generated for
encrypted_settings_key_base. The secret can be generated in the following ways:
For Linux package installations, the new secret is automatically generated for you, but you must ensure your
/etc/gitlab/gitlab-secrets.jsoncontains the same values on all nodes.For Helm chart installations, the new secret is automatically generated if you have the
shared-secretschart enabled. Otherwise, you need to follow the secrets guide for adding the secret.For self-compiled installations, the new secret can be generated by running:
bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=trueThis prints general information on the GitLab instance and generates the key in
<path-to-gitlab-rails>/config/secrets.yml.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support