Deprecation of signature signing v2
Deprecation Summary
GitLab is deprecating support for AWS S3 signature signing v2 in the Container Registry. This deprecation is necessary as AWS SDK v2 no longer supports signature signing v2, and AWS has phased it out for new buckets and in certain regions. Users need to transition to signature signing v4, which is the current AWS standard.
Documentation
- Deprecation notice: #1449
Product Usage
AWS has phased out signature v2 signing for new buckets and certain regions. This deprecation aligns GitLab with AWS's current standards and ensures continued compatibility and security for our users.
Breaking Change?
Yes - This deprecation contains a breaking change as it will affect existing Container Registry configurations using v2 signatures.
Affected Customers
Who is affected by this deprecation:
-
GitLab.com -
Self-managed -
Dedicated
What pricing tiers are impacted:
-
GitLab Free -
GitLab Premium -
GitLab Ultimate
[x] Internal note outlining details of customer impact has been created
Deprecation Milestone
This deprecation will be announced in milestone: 17.8
Planned Removal Milestone
The feature / functionality will be removed in milestone: 18.0
Links
- Issue: #1449
- Documentation: https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md
Rollout Plan
DRI Engineers: [To be assigned] DRI Engineering Manager: [To be assigned]
Migration Steps:
- Check S3 storage backend configuration in GitLab Container Registry settings
- Remove the
v4auth: false
option if present - Verify existing credentials work with v4 authentication
- Regenerate AWS credentials if issues occur
Impact Assessment
- Severity: Low
- Scope: Project
- Resolution role: Maintainer
- Manual task required: Yes
- Implementation window: 3 months
Development Tasks
-
Update documentation to reflect v4 signature requirements -
Remove v2 signature support code -
Add validation checks for v2 signature configurations -
Implement warning messages for deprecated configurations -
Create migration verification tools
Communication Plan
DRI Product Manager: [To be assigned]
Internal Communication
-
Create comprehensive internal note for customer-facing teams -
Schedule training sessions for support teams -
Prepare troubleshooting guides for common migration issues
External Communication
-
Announce deprecation in release notes -
Update all relevant documentation -
Create migration guide -
Send targeted communications to affected customers