Skip to content

GitLab

and though bugs are the bane of my existence, rest assured the wretched thing will get the best of care here

Encrypted Configuration (FREE SELF)

Introduced in GitLab 13.7.

GitLab can read settings for certain features from encrypted settings files. The supported features are:

In order to enable the encrypted configuration settings, a new base key needs to be generated for encrypted_settings_key_base. The secret can be generated in the following ways:

Omnibus Installation

Starting with 13.7 the new secret is automatically generated for you, but you will need to ensure your /etc/gitlab/gitlab-secrets.json contains the same values on all nodes.

GitLab Cloud Native Helm Chart

Starting with GitLab 13.7, the new secret is automatically generated if you have the shared-secrets chart enabled. Otherwise, you need to follow the secrets guide for adding the secret.

Source Installation

The new secret can be generated by running:

bundle exec rake gitlab:env:info RAILS_ENV=production GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE=true

This will print general information on the GitLab instance, but will also cause the key to be generated in <path-to-gitlab-rails>/config/secrets.yml