Support SSL/TLS for Gitaly
We should consider adding SSL/TLS for communication between Gitaly and GitLab. Even though the network may be secured, customers in certain industries are very concerned about encrypting data in transport.
gRPC has SSL/TLS integration and promotes the use of SSL/TLS to authenticate the server, and to encrypt all the data exchanged between the client and the server.
SSL/TLS was previously discussed but postponed:
TLS work will require a fair amount of effort from the production team (e.g. CA management, client and server certificate creation, etc.) and this work would need to be properly planned and resourced, so the longer we can plan ahead on it the better.
We will reschedule the TLS and authentication work for a future release.
Proposal
Implement SSL/TLS support for Gitaly, specifically where the server has a certificate (i.e. not mutual TLS, where the client has a certificate too).
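The server-certificate-only mode proposed above, as an added example that is not Gitaly or GitLab code: the server presents a certificate and requests none from the client, and the client connects only when that certificate is in its trust store. It uses Go's standard library TLS stack over HTTP instead of gRPC, with the self-signed test certificate that `httptest` constructs; `probe` and `trustServer` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe starts a TLS server that presents a certificate and requests none from
// the client, then makes one request against it. It returns the number of
// certificates each side received from its peer during the handshake.
func probe(trustServer bool) (fromServer, fromClient int, err error) {
	seen := make(chan int, 1)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen <- len(r.TLS.PeerCertificates) // client certificates the server saw
	}))
	// Server-authenticated TLS only: no client certificate is requested (not mTLS).
	srv.TLS = &tls.Config{ClientAuth: tls.NoClientCert}
	srv.StartTLS() // httptest supplies its constructed self-signed test certificate
	defer srv.Close()

	roots := x509.NewCertPool() // left empty when the client has no trust anchor
	if trustServer {
		roots.AddCert(srv.Certificate())
	}
	// The client sets only RootCAs; it has no certificate or key of its own.
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}}
	defer client.CloseIdleConnections()
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, 0, err // e.g. certificate signed by unknown authority
	}
	defer resp.Body.Close()
	return len(resp.TLS.PeerCertificates), <-seen, nil
}

func main() { fmt.Println(probe(true)) }
```

With `trustServer` set to false the handshake is rejected on the client side, which is the failure an operator sees when the CA that issued the server certificate has not been distributed to clients.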