Decouple secret keys from each other (!874) · Merge requests · GitLab.org / omnibus-gitlab

username-removed-443319 requested to merge decouple-secret-keys into master Jul 18, 2016

At the moment, the gitlab-rails secret_token is also used for encrypting OTP secrets in the DB. We can't fix this automatically without making people re-encrypt everything, or disable 2FA, but we can make this easier in future by making this explicit.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/3963. This should not be merged until after https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5274.

Admin message

Admin message

Decouple secret keys from each other

Merge request reports