Gitlab Disable Encryption In Self Hosted Server

Currently we are working on migrating our self hosted gitlab from digital ocean to AWS. The issue we are finding is when trying to restore the server where the database seems to break and we have to perform some steps to restore the functionality. This issue is related to gitlab having encryption configuration for some settings, when we restore the gitlab into a new server we are facing problems specifically with the secrets encryption so we are considering disabling encryption on the entire server to check if the migration goes as expected. Is there any idea on how to disable encryption on the server?

You need to copy /etc/gitlab/gitlab.rb and /etc/gitlab/gitlab-secrets.json from the old server to the new server under /etc/gitlab. Then you would have no problems with restoring the system.

The normal process for doing that is:

  1. Install same version of Gitlab on new server.
  2. Copy gitlab.rb and gitlab-secrets.json to /etc/gitlab on new server.
  3. Run gitlab-ctl reconfigure to read the config and prepare database.
  4. Run gitlab-ctl restart to ensure all is working.
  5. Run restore procedures to restore backup.

If you do not backup gitlab-secrets.json then you cannot restore your server. It says that here in the docs: Restore GitLab | GitLab

all the info is in the Gitlab restore documentation on how to restore Gitlab successfully and this is what you should be following.

1 Like

There is in theory also this: Back up GitLab | GitLab

which outlines manual steps you need to take to get it working again without the secrets. But to be honest, it’s much easier and quicker to make sure you have a backup of gitlab-secrets.json and copy this to the new server. I don’t see a reason otherwise for using this, unless the file was corrupted, lost, or forgotten to back it up before realising you needed it. There is no other quicker way than what is outlined there.

So if those steps are too much for you, use the gitlab-secrets.json file which saves huge amounts of effort.

Thanks for the response @iwalker, I still am wondering if it is possible to disable totally encryption on the server, is that possible?

As per the documentation and information I posted, no there is nothing about totally disabling it. The methods are exactly as I explained in my post.


Thanks @iwalker !