Bad Decrypt Script (for encrypted variables)
See https://gitlab.com/snippets/1730735/raw.
This script will go through all the encrypted variables and count how many are not able
to be decrypted. Might be helpful to run on multiple nodes to see which gitlab-secrets.json
file is most up to date:
wget -O /tmp/bad-decrypt.rb https://gitlab.com/snippets/1730735/raw
gitlab-rails runner /tmp/bad-decrypt.rb
If ProjectImportData Bad count:
is detected and the decision is made to delete the
encrypted credentials to allow manual reentry:
# Find the ids of the corrupt ProjectImportData objects
total = 0
bad = []
ProjectImportData.find_each do |data|
begin
total += 1
data.credentials
rescue => e
bad << data.id
end
end
puts "Bad count: #{bad.count} / #{total}"
# See the bad ProjectImportData ids
bad
# Remove the corrupted credentials
import_data = ProjectImportData.where(id: bad)
import_data.each do |data|
data.update_columns({ encrypted_credentials: nil, encrypted_credentials_iv: nil, encrypted_credentials_salt: nil})
end
If User OTP Secret Bad count:
is detected. For each user listed disable/enable
two-factor authentication.