
Store OTP secret key in secrets.yml

Sean McGivern requested to merge decouple-secret-keys into master

What does this MR do?

Migrate the value of .secret to config/secrets.yml if present, so that .secret can be rotated without preventing all users with 2FA from logging in. (On a clean setup, generate different keys for each.)

Are there points in the code the reviewer needs to double check?

I'm not sure we actually need .secret at all after this, but it seems safer not to touch it.

Why was this MR needed?

We have some DB encryption keys in config/secrets.yml, and one in .secret. They should all be in the same place.

What are the relevant issue numbers?

#3963 (closed), which isn't closed until I make the relevant changes in Omnibus too.

Does this MR meet the acceptance criteria?
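The migration the MR describes, written out as an added Ruby example (this is not the MR's diff or GitLab's own code): an existing `.secret` value is carried into `secrets.yml` under the OTP key so 2FA keeps verifying, while on a clean setup every key is generated independently. The module name, the key names `otp_key_base`, `secret_key_base` and `db_key_base`, and the file paths are assumptions chosen for illustration; the legacy secret content in the demo is constructed.

```ruby
require 'yaml'
require 'securerandom'
require 'tmpdir'

# Hypothetical migration helper (assumed names, not GitLab's own code).
module SecretMigration
  # Only this key inherits the legacy .secret value; the others must never
  # share material with it, otherwise rotating .secret would still break them.
  MIGRATED_KEY = 'otp_key_base'.freeze
  INDEPENDENT_KEYS = %w[secret_key_base db_key_base].freeze

  # 128 hex characters (512 bits), the same shape as `rake secret` output.
  def self.generate_key
    SecureRandom.hex(64)
  end

  # Returns the trimmed .secret content, or nil when the file is absent/empty.
  def self.read_legacy_secret(path)
    return nil unless File.file?(path)
    value = File.read(path).strip
    value.empty? ? nil : value
  end

  def self.load_secrets(path)
    return {} unless File.file?(path)
    YAML.safe_load(File.read(path)) || {}
  end

  # Write to a temp file and rename, so a crash cannot leave a half-written
  # secrets.yml, and create it owner-only readable (mode 0600).
  def self.write_secrets(path, secrets)
    tmp = "#{path}.tmp"
    File.open(tmp, 'w', 0o600) { |f| f.write(YAML.dump(secrets)) }
    File.rename(tmp, path)
  end

  # Idempotent: fills in only the keys that are missing for `env` and rewrites
  # the file only when something changed. Returns [env_secrets, changed].
  def self.ensure_secrets(secrets_path, legacy_secret_path, env)
    secrets = load_secrets(secrets_path)
    env_secrets = (secrets[env] ||= {})
    changed = false

    if env_secrets[MIGRATED_KEY].nil?
      # Existing install: keep the value 2FA secrets were encrypted under.
      # Clean install: no .secret to inherit, so mint a fresh key instead.
      env_secrets[MIGRATED_KEY] = read_legacy_secret(legacy_secret_path) || generate_key
      changed = true
    end

    INDEPENDENT_KEYS.each do |key|
      next unless env_secrets[key].nil?
      env_secrets[key] = generate_key
      changed = true
    end

    write_secrets(secrets_path, secrets) if changed
    [env_secrets, changed]
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    legacy = File.join(dir, '.secret')
    File.write(legacy, SecureRandom.hex(64)) # constructed legacy secret
    env, = SecretMigration.ensure_secrets(File.join(dir, 'secrets.yml'), legacy, 'production')
    puts "otp_key_base inherited from .secret: #{env['otp_key_base'] == File.read(legacy).strip}"
    puts "secret_key_base independent of .secret: #{env['secret_key_base'] != File.read(legacy).strip}"
  end
end
```

The check a reviewer would want is the second and third run: once `otp_key_base` is in `secrets.yml`, rewriting `.secret` must neither change the stored OTP key nor trigger another write, which is exactly the property that lets `.secret` be rotated without locking out 2FA users.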
