doc/administration/raketasks/incoming_email.md
{{< details >}}
{{< /details >}}
{{< history >}}
{{< /history >}}
The following are Incoming email-related Rake tasks.
GitLab can use Incoming email secrets read from an encrypted file instead of storing them in plaintext in the file system. The following Rake tasks are provided for updating the contents of the encrypted file.
Show the contents of the current Incoming email secrets.
{{< tabs >}}
{{< tab title="Linux package (Omnibus)" >}}
sudo gitlab-rake gitlab:incoming_email:secret:show
{{< /tab >}}
{{< tab title="Helm chart (Kubernetes)" >}}
Use a Kubernetes secret to store the incoming email password. For more information, read about Helm IMAP secrets.
{{< /tab >}}
{{< tab title="Docker" >}}
sudo docker exec -t <container name> gitlab:incoming_email:secret:show
{{< /tab >}}
{{< tab title="Self-compiled (source)" >}}
bundle exec rake gitlab:incoming_email:secret:show RAILS_ENV=production
{{< /tab >}}
{{< /tabs >}}
password: 'examplepassword'
user: '[email protected]'
Opens the secret contents in your editor, and writes the resulting content to the encrypted secret file when you exit.
{{< tabs >}}
{{< tab title="Linux package (Omnibus)" >}}
sudo gitlab-rake gitlab:incoming_email:secret:edit EDITOR=vim
{{< /tab >}}
{{< tab title="Helm chart (Kubernetes)" >}}
Use a Kubernetes secret to store the incoming email password. For more information, read about Helm IMAP secrets.
{{< /tab >}}
{{< tab title="Docker" >}}
sudo docker exec -t <container name> gitlab:incoming_email:secret:edit EDITOR=editor
{{< /tab >}}
{{< tab title="Self-compiled (source)" >}}
bundle exec rake gitlab:incoming_email:secret:edit RAILS_ENV=production EDITOR=vim
{{< /tab >}}
{{< /tabs >}}
Write new secret content by providing it on STDIN.
{{< tabs >}}
{{< tab title="Linux package (Omnibus)" >}}
echo -e "password: 'examplepassword'" | sudo gitlab-rake gitlab:incoming_email:secret:write
{{< /tab >}}
{{< tab title="Helm chart (Kubernetes)" >}}
Use a Kubernetes secret to store the incoming email password. For more information, read about Helm IMAP secrets.
{{< /tab >}}
{{< tab title="Docker" >}}
sudo docker exec -t <container name> /bin/bash
echo -e "password: 'examplepassword'" | gitlab-rake gitlab:incoming_email:secret:write
{{< /tab >}}
{{< tab title="Self-compiled (source)" >}}
echo -e "password: 'examplepassword'" | bundle exec rake gitlab:incoming_email:secret:write RAILS_ENV=production
{{< /tab >}}
{{< /tabs >}}
Editor example
The write task can be used in cases where the edit command does not work with your editor:
# Write the existing secret to a plaintext file
sudo gitlab-rake gitlab:incoming_email:secret:show > incoming_email.yaml
# Edit the incoming_email file in your editor
...
# Re-encrypt the file
cat incoming_email.yaml | sudo gitlab-rake gitlab:incoming_email:secret:write
# Remove the plaintext file
rm incoming_email.yaml
KMS integration example
It can also be used as a receiving application for content encrypted with a KMS:
gcloud kms decrypt --key my-key --keyring my-test-kms --plaintext-file=- --ciphertext-file=my-file --location=us-west1 | sudo gitlab-rake gitlab:incoming_email:secret:write
Google Cloud secret integration example
It can also be used as a receiving application for secrets out of Google Cloud:
gcloud secrets versions access latest --secret="my-test-secret" > $1 | sudo gitlab-rake gitlab:incoming_email:secret:write