Comprehensive support for invalidation/rotation of tokens and secrets in GitLab
Proposal
Today, GitLab stores a number of tokens and secrets in it's database and in it's configuration files, and comprehensive support for invalidating and rotating them is needed.
For tokens like runner registration tokens, we need to be able to quickly invalidate them and cause them to be rotated, on an instance level, and potentially on per-group/per-project levels.
For secrets like the db_key_base, we need to be able to rotate it and cause all encrypted database attributes and files to be re-encrypted using the new secret before invalidating the old secret.
Possibly related issues: