[ci skip]

.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.

Discussed in gitlab-org/omnibus-gitlab#1453

[ci skip]

This reverts merge request !3839

This caused me a lot of pain until I caught on.
I also enhanced the GitLab Omnibus application data backup restore procedure.  I verified the procedure by executing it with GitLab 8.6.4. 

And the rest of GitLab should remain running.
Also clarified the rest of the GitLab Omnibus restore procedure.

[ci skip]

- Offloads uploading to GitLab Workhorse
- Use /authorize request for fast uploading
- Added backup recipes for artifacts
- Support download acceleration using X-Sendfile

This adds support for AWS S3 SSE with S3 managed keys, this means the
data is encrypted at rest and the encryption is handled transparently to
the end user as well as in the AWS Console. This is optional and not
required to make S3 uploads work.

Made sure to point out that the restore location can be overwritten by
an entry in the config.

This change helps system administrators who want to replicate
GitLab backup files without needing root permissions.

Add a troubleshooting section for backup restore docs, explain about warnings when using omnibus packages.

Rephrased wording in the documentation to say "installation from source" instead of  "manual installation" or similar.