Skip to content

Deprecation of signature signing v2

Deprecation Summary

GitLab is deprecating support for AWS S3 signature signing v2 in the Container Registry. This deprecation is necessary as AWS SDK v2 no longer supports signature signing v2, and AWS has phased it out for new buckets and in certain regions. Users need to transition to signature signing v4, which is the current AWS standard.

Documentation

  • Deprecation notice: #1449

Product Usage

AWS has phased out signature v2 signing for new buckets and certain regions. This deprecation aligns GitLab with AWS's current standards and ensures continued compatibility and security for our users.

Breaking Change?

Yes - This deprecation contains a breaking change as it will affect existing Container Registry configurations using v2 signatures.

Affected Customers

Who is affected by this deprecation:

  • GitLab.com
  • Self-managed
  • Dedicated

What pricing tiers are impacted:

  • GitLab Free
  • GitLab Premium
  • GitLab Ultimate

[x] Internal note outlining details of customer impact has been created

Deprecation Milestone

This deprecation will be announced in milestone: 17.8

Planned Removal Milestone

The feature / functionality will be removed in milestone: 18.0

Links

Rollout Plan

DRI Engineers: [To be assigned] DRI Engineering Manager: [To be assigned]

Migration Steps:

  1. Check S3 storage backend configuration in GitLab Container Registry settings
  2. Remove the v4auth: false option if present
  3. Verify existing credentials work with v4 authentication
  4. Regenerate AWS credentials if issues occur

Impact Assessment

  • Severity: Low
  • Scope: Project
  • Resolution role: Maintainer
  • Manual task required: Yes
  • Implementation window: 3 months

Development Tasks

  • Update documentation to reflect v4 signature requirements
  • Remove v2 signature support code
  • Add validation checks for v2 signature configurations
  • Implement warning messages for deprecated configurations
  • Create migration verification tools

Communication Plan

DRI Product Manager: [To be assigned]

Internal Communication

  • Create comprehensive internal note for customer-facing teams
  • Schedule training sessions for support teams
  • Prepare troubleshooting guides for common migration issues

External Communication

  • Announce deprecation in release notes
  • Update all relevant documentation
  • Create migration guide
  • Send targeted communications to affected customers

Labels

Edited by Tim Rizzi