forked from mirrors/nixpkgs
nixos/gitlab: Mention secret option transition in release notes
Document the breaking secret option transition from literal secrets to file-based ones.
This commit is contained in:
parent
d70eba7ab3
commit
7e325c2251
|
@ -484,6 +484,28 @@
|
|||
(<literal>citrix_workspace</literal>).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>,
|
||||
<option>services.gitlab.databasePassword</option>,
|
||||
<option>services.gitlab.initialRootPassword</option>,
|
||||
<option>services.gitlab.secrets.secret</option>,
|
||||
<option>services.gitlab.secrets.db</option>,
|
||||
<option>services.gitlab.secrets.otp</option> and
|
||||
<option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>,
|
||||
<option>services.gitlab.databasePasswordFile</option>,
|
||||
<option>services.gitlab.initialRootPasswordFile</option>,
|
||||
<option>services.gitlab.secrets.secretFile</option>,
|
||||
<option>services.gitlab.secrets.dbFile</option>,
|
||||
<option>services.gitlab.secrets.otpFile</option> and
|
||||
<option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored
|
||||
in the world-readable nix store, but means that for each option you'll have to create a file with
|
||||
the same exact string, add "File" to the end of the option name, and change the definition to a
|
||||
string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal>
|
||||
becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the
|
||||
file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
|
Loading…
Reference in a new issue