Added instructions for database encryption key in Geo

0fcc0454 · Gabriel Mazetto · 42adc0f3 · 0fcc0454
Commit 0fcc0454 authored Apr 22, 2016 by Gabriel Mazetto
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletion

doc/gitlab-geo/configuration.md doc/gitlab-geo/configuration.md +14 -1

No files found.
--- a/doc/gitlab-geo/configuration.md
+++ b/doc/gitlab-geo/configuration.md
@@ -14,7 +14,8 @@ complete the process.
 - [Create SSH key pairs for Geo nodes](#create-ssh-key-pairs-for-geo-nodes)
 - [Primary Node GitLab setup](#primary-node-gitlab-setup)
 - [Secondary Node GitLab setup](#secondary-node-gitlab-setup)
-    - [Authorized keys regeneration](#authorized-keys-regeneration)
+  - [Database Encryptation Key](#database-encryptation-key)
+  - [Authorized keys regeneration](#authorized-keys-regeneration)

 <!-- END doctoc generated TOC please keep comment here to allow auto update -->

@@ -119,6 +120,18 @@ Edition installation, with some extra requirements:
 - Your secondary node should be allowed to communicate via HTTP/HTTPS and
  SSH with your primary node (make sure your firewall is not blocking that).

+### Database Encryption Key
+
+GitLab stores a unique encryption key in disk that we use to safely store sensitive
+data in the database.
+
+Any secondary node must have the exact same value for `db_key_base` as defined in the primary one.
+
+For Omnibus installations it is stored at `/etc/gitlab/gitlab-secrets.json`.
+
+For Source installations it is stored at `/home/git/gitlab/config/secrets.yml`.
+
+
 ### Authorized keys regeneration

 The final step will be to regenerate the keys for `.ssh/authorized_keys` using