## Summary Test GitLab Secrets Manager in a Geo failover scenario where the secondary site in on a secondary domain. Update existing docs to better cover that scenario, if needed. This is a follow-up to https://gitlab.com/gitlab-org/gitlab/-/work_items/571922+ that tested and documented a Geo failover scenario where the DNS record of the primary domain are updated to point to the secondary site. ## Scenario Test the following failover scenario: 1. Generate recovery key for OpenBao. See https://gitlab.com/gitlab-org/gitlab/-/work_items/594034 1. Fail over to a secondary site – it's accessible through the secondary domain. 1. Reconfigure OpenBao's JWT auth on the secondary site. Use recovery key. 1. Check that GitLab Secrets Manager is fully functional on the secondary. ## Implementation plan - [x] Test failover to secondary site with secondary domain. - [x] Confirm that JWT authentication can be reconfigured as needed. - [ ] Update [Geo disaster recovery](https://docs.gitlab.com/administration/geo/disaster_recovery/#step-4-optional-promote-the-openbao-ha-cluster) docs to cover the scenario. - [ ] Update [admin docs](https://docs.gitlab.com/administration/secrets_manager/), and specifically the section introduced in https://gitlab.com/gitlab-org/gitlab/-/work_items/593460. - [ ] Update OpenBao Chart docs if needed, and in particular the [Geo configuration](https://docs.gitlab.com/charts/charts/openbao/#geo-configuration) section.