-1

I have reinstalled GitLab and forgot to back up the gitlab-secrets.json file.

Now I cannot enable 2FA (was disabled) and I'm seeing this error in the production.log file:

Completed 500 Internal Server Error in 15ms (ActiveRecord: 1.3ms)

OpenSSL::Cipher::CipherError (bad decrypt):
  app/controllers/profiles/two_factor_auths_controller.rb:5:in `show'
  lib/gitlab/i18n.rb:47:in `with_locale'
  lib/gitlab/i18n.rb:53:in `with_user_locale'
  app/controllers/application_controller.rb:337:in `set_locale'
  lib/gitlab/middleware/multipart.rb:93:in `call'
  lib/gitlab/request_profiler/middleware.rb:14:in `call'
  lib/gitlab/middleware/go.rb:17:in `call'
  lib/gitlab/etag_caching/middleware.rb:11:in `call'
  lib/gitlab/middleware/read_only.rb:30:in `call'
  lib/gitlab/request_context.rb:18:in `call'
  lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'

Is there anything I could do to fix it without losing any data?

GitLab CE ver. 10.1.0

SEB
  • 59
  • 1
  • 9
  • In my case, where there was only a problem with 2FA, I just recreated problematic users and everything seems to work fine now. I'm using a new secret json file that got created during the reinstallation. Of course, I now keep it in a secure place so it can be restored at any time :) – SEB Nov 21 '17 at 20:17

2 Answers2

0

Sorry to say, but you are out of luck if you can't find a backup.

If you ever need to restore a GitLab application backup you need to also restore gitlab-secrets.json. If you do not, GitLab users who are using two-factor authentication will lose access to your GitLab server and 'secure variables' stored in GitLab CI will be lost.

https://docs.gitlab.com/omnibus/settings/backups.html#backup-and-restore-omnibus-gitlab-configuration

JGC
  • 5,725
  • 1
  • 32
  • 30
0

if you used omnibus to install gitlab, maybe my ways could help. For a reason, I had to reinstall gitlab, and I encountered almost the same 500 bad decrypt error after I'd done it. I didn't know to backup that secret file at all at that time. I assume that you can access your gitlab website, can see the project list, but cannot directly open them because bad decrypt error (can open it by adding /tree/master). Here are my ways:

  1. /var/opt/gitlab ------ Gitlab data files here. Backup them.
  2. Download a minor upgrade version, which may help migrate your database encrypt info into to a new one.
  3. Find a new machine, install gitlab(the previous version), restore data file and then upgrade it to that new downloaded version.
  4. See if it is solved

For me, my previous gitlab version was 8.9.3, and after I reinstalled the exectly same version without backup the gitlab-secrets.json, I encountered 500 bad decrypt error. Then I upgraded it to 8.17.7, which is just a minor version upgrade. I notice a database migration and after that all the database encrypt info updated. Then I can open all my projects without 500.

    Checking PostgreSQL executables: OK
Shutting down all GitLab services except those needed for migrations
ok: down: gitlab-workhorse: 0s, normally up
ok: down: logrotate: 0s, normally up
ok: down: postgresql: 1s, normally up
ok: down: sidekiq: 0s, normally up
ok: down: unicorn: 1s, normally up
ok: run: postgresql: (pid 14987) 0s
run: postgresql: (pid 14987) 0s; run: log: (pid 15964) 159018s
Reconfiguring GitLab to apply migrations
init (upstart 0.6.5)


  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs

  * Symlinking existing certificates found in /etc/gitlab/trusted-certs
gitlab Reconfigured!
Daniel SONG
  • 1
  • Actually, my only problem was enabling 2fa for users. I could successfully do everything else like accessing projects and work with them. – SEB Nov 21 '17 at 20:14