Cleanup encrypted path syntax

config/initializers/1_settings.rb

@@ -7,7 +7,8 @@ Settings['shared'] ||= Settingslogic.new({})
 Settings.shared['path'] = Settings.absolute(Settings.shared['path'] || "shared")
 
 Settings['encrypted_settings'] ||= Settingslogic.new({})
-Settings.encrypted_settings['path'] = Settings.absolute(Settings.encrypted_settings['path'] || File.join(Settings.shared['path'], "encrypted_settings"))
+Settings.encrypted_settings['path'] ||= File.join(Settings.shared['path'], "encrypted_settings")
+Settings.encrypted_settings['path'] = Settings.absolute(Settings.encrypted_settings['path'])
 
 Settings['ldap'] ||= Settingslogic.new({})
 Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?

config/settings.rb

@@ -154,7 +154,7 @@ class Settings < Settingslogic
 
     def encrypted(path)
       Gitlab::EncryptedConfiguration.new(
-        content_path: Settings.absolute(path),
+        content_path: path,
         base_key: Gitlab::Application.secrets.encrypted_settings_key_base,
         previous_keys: Gitlab::Application.secrets.rotated_encrypted_settings_key_base || []
       )

spec/config/settings_spec.rb

@@ -145,10 +145,6 @@ RSpec.describe Settings do
       Settings.encrypted('tmp/tests/test.enc')
     end
 
-    it 'defaults the config path within the rails root' do
-      expect(Settings.encrypted('tmp/tests/test.enc').content_path.fnmatch?(File.join(Rails.root, '**'))).to be true
-    end
-
     it 'returns empty encrypted config when a key has not been set' do
       allow(Gitlab::Application.secrets).to receive(:encrypted_settings_key_base).and_return(nil)
       expect(Settings.encrypted('tmp/tests/test.enc').read).to be_empty