Back in the day I used normal docker containers sameersbn/gitlab:8.7.3 , sameersbn/postgresql:9.4-21 and sameersbn/redis:latest.
I had only one secret GITLAB_SECRETS_DB_KEY_BASE that was probably used for my two-factor login.
I decided to use docker-compose approach and copied there yml file and used the same DB_KEY_BASE but filled in something difference in the other secrets.
GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
I slowly docker up/down my way up in higher versions. Everything was working fine, maybe I got lucky because there was a browser session still active? Because after my upgrade to gitlab 9.1.0 I'm getting a page 500 after I fill in the two-factor code. Even the recovery codes don't work.
Did I break everything by filling in a different secret in GITLAB_SECRETS_OTP_KEY_BASE?
I solved this hard to find issue
I took the value out of /home/git/data/.secret which is a leftover from older gitlabs and past it in my docker-compose variables GITLAB_SECRETS_OTP_KEY_BASE and GITLAB_SECRETS_SECRET_KEY_BASE
And everything works fine again :)