Store OTP secret key in secrets.yml
What does this MR do?
Migrate the value of .secret to config/secrets.yml if present, so that .secret can be rotated without preventing all users with 2FA from logging in. (On a clean setup, generate different keys for each.)
Are there points in the code the reviewer needs to double check?
I'm not sure we actually need .secret at all after this, but it seems safer not to touch it.
Why was this MR needed?
We have some DB encryption keys in config/secrets.yml, and one in .secret. They should all be in the same place.
What are the relevant issue numbers?
#3963 (closed), which isn't closed until I make the relevant changes in Omnibus too.
Does this MR meet the acceptance criteria?
- CHANGELOG entry added
- Documentation created/updated
- API support added
- Tests
  - Added for this feature/bug
  - All builds are passing
- Conform by the style guides
- Branch has no merge conflicts with master (if you do - rebase it please)
- Squashed related commits together
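The migration rule described above, sketched as an added example that is not part of this MR or GitLab's own code: a key already in config/secrets.yml is kept, otherwise the value of .secret is copied in, and on a clean setup an independent random key is generated. The key name `otp_key_base`, the `production` section and the helper `ensure_otp_key` are assumptions made for illustration; the sample values are constructed.

```ruby
require "yaml"
require "securerandom"
require "fileutils"
require "tmpdir"

OTP_KEY = "otp_key_base" # assumed key name; the description names only the files

# Returns [key, source]; source is :existing, :migrated or :generated.
def ensure_otp_key(root, env: "production")
  legacy_path  = File.join(root, ".secret")
  secrets_path = File.join(root, "config", "secrets.yml")

  secrets = File.exist?(secrets_path) ? YAML.safe_load(File.read(secrets_path)) : nil
  secrets = {} unless secrets.is_a?(Hash)
  secrets[env] ||= {}

  # A key already in secrets.yml always wins: replacing it would make every
  # stored 2FA secret undecryptable.
  current = secrets[env][OTP_KEY].to_s
  return [current, :existing] unless current.empty?

  legacy = File.exist?(legacy_path) ? File.read(legacy_path).chomp : ""
  key, source = legacy.empty? ? [SecureRandom.hex(64), :generated] : [legacy, :migrated]

  secrets[env][OTP_KEY] = key
  FileUtils.mkdir_p(File.dirname(secrets_path))
  # Write owner-only to a temp file, then rename, so a crash never leaves a
  # truncated or world-readable secrets.yml behind.
  tmp = "#{secrets_path}.tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600)
    f.write(YAML.dump(secrets))
  end
  File.rename(tmp, secrets_path)
  [key, source]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    File.write(File.join(root, ".secret"), "constructed-legacy-value\n")
    p ensure_otp_key(root)                     # migrated from .secret
    File.write(File.join(root, ".secret"), "rotated-value\n")
    p ensure_otp_key(root)                     # unchanged after .secret is rotated
  end
end
```

The second call shows the property the MR is after: once the value lives in config/secrets.yml, rotating .secret no longer changes the key used for OTP secrets.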