@@ -14,10 +14,10 @@ another is through backup restore.
...
@@ -14,10 +14,10 @@ another is through backup restore.
You need to keep separate copies of `/etc/gitlab/gitlab-secrets.json` and
You need to keep separate copies of `/etc/gitlab/gitlab-secrets.json` and
`/etc/gitlab/gitlab.rb` (for omnibus packages) or
`/etc/gitlab/gitlab.rb` (for omnibus packages) or
`/home/git/gitlab/config/secrets.yml` (for installations from source). This file
`/home/git/gitlab/config/secrets.yml` (for installations from source). This file
contains the database encryption keys used for two-factor authentication and
contains the database encryption keys used for two-factor authentication and CI
project import credentials, among other things. If you restore a GitLab backup
secret variables, among other things. If you restore a GitLab backup without
without restoring the database encryption key, users who have two-factor
restoring the database encryption key, users who have two-factor authentication
authentication enabled will lose access to your GitLab server.
enabled will lose access to your GitLab server.
```
```
# use this command if you've installed GitLab with the Omnibus package
# use this command if you've installed GitLab with the Omnibus package
...
@@ -224,9 +224,10 @@ If you use an Omnibus package please see the [instructions in the readme to back
...
@@ -224,9 +224,10 @@ If you use an Omnibus package please see the [instructions in the readme to back
If you have a cookbook installation there should be a copy of your configuration in Chef.
If you have a cookbook installation there should be a copy of your configuration in Chef.
If you have an installation from source, please consider backing up your `config/secrets.yml` file, `gitlab.yml` file, any SSL keys and certificates, and your [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079).
If you have an installation from source, please consider backing up your `config/secrets.yml` file, `gitlab.yml` file, any SSL keys and certificates, and your [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079).
At the very **minimum** you should backup `/etc/gitlab/gitlab-secrets.json`
At the very **minimum** you should backup `/etc/gitlab/gitlab.rb` and
(Omnibus) or `/home/git/gitlab/config/secrets.yml` (source) to preserve your
`/etc/gitlab/gitlab-secrets.json` (Omnibus), or
database encryption key.
`/home/git/gitlab/config/secrets.yml` (source) to preserve your database
encryption key.
## Restore a previously created backup
## Restore a previously created backup
...
@@ -242,10 +243,10 @@ All existing data will be either erased (SQL) or moved to a separate
...
@@ -242,10 +243,10 @@ All existing data will be either erased (SQL) or moved to a separate
directory (repositories, uploads).
directory (repositories, uploads).
If some or all of your GitLab users are using two-factor authentication (2FA)
If some or all of your GitLab users are using two-factor authentication (2FA)
then you must also make sure to restore `/etc/gitlab/gitlab-secrets.json`
then you must also make sure to restore `/etc/gitlab/gitlab.rb` and
(Omnibus) or `/home/git/gitlab/config/secrets.yml` (installations from
`/etc/gitlab/gitlab-secrets.json` (Omnibus), or
source). Note that you need to run `gitlab-ctl reconfigure` after changing
`/home/git/gitlab/config/secrets.yml` (installations from source). Note that you
`gitlab-secrets.json`.
need to run `gitlab-ctl reconfigure` after changing `gitlab-secrets.json`.