Docs feedback: Backup and restore, When the secrets file is lost
Docs page: Backup and restore, Troubleshooting: When the secrets file is lost
This unfortunately happend to me the other day; the NAS containing the virtual harddisks of my GitLab-CE installation died and took the system disk with it. And the backups were only database etc. since the config backups were in /etc and I didn't remember to copy those.
Fortunately, it was mostly a testing system; but unfortunately I couldn't just get it back to a working state with the instructions on this page.
One thing not listed on the page as reset instructions (which is listed as non-exhaustive example of where the secrets file might apply) is WebHooks, which refuse to work when anything is entered as secret token (regardless of whether the other side of the hook uses it, or whether it actually makes sense as data). The only indication of them being broken was the fact that I tried to look at them and the page broke with a 500.
CI Variables being on the page leaves me thinking whether WebHooks should also be listed there; since they are as much of a common thing as CI is.
Another one that isn't on the page at all is integrations. In my case, it was a Jira integration; and all I could find using the search was instructions for a different integration (I don't exactly remember which one, might've been Redmine or something; not to mention it was completely by chance after attempting something else entirely). After thinking long and hard I was able to put 1 and 1 together to remove the entries from the right tables.
Given the amount of integrations offers, it might not be practical to list all of them individually; but they should at least be mentioned somewhere and potentially get a cookie-cutter example on how to clear one of them (since the table names seemed similar enough to see a pattern).
Compared to the WebHooks tho, this one caused pretty much every page of the project to 500, which made it not only obvious that something is amiss but also impossible to fix using just the UI.
It might help someone in the future to include some sort of hint; even the slightest "any place that uses passwords or tokens" could help. While the page talks about 2FA and "sensitive information", not listing examples might hit others (just like me) that do not immediately draw that connection.
On a side note (which probably belongs in its own issue), it would be really nice if the UI could just handle those cases gracefully and let a user fix them using the UI; by leaving a big and red message pointing to the integration causing the issue and just leaving the protected fields empty/dotted/asterisk'd/in some way highlighted - at least that's how I can see it play out in my head (since only the sensitive fields appear to be encrypted in the database, not the whole settings).