Add support for AWS S3 Server-Side Encryption support (!1280) · Merge requests · GitLab.org / GitLab FOSS

Paul Beattie requested to merge paulbeattie/gitlab-ce:master into master Sep 10, 2015

This adds support for AWS S3 SSE with S3 managed keys, this means the data is encrypted at rest and the encryption is handled transparently to the end user as well as in the AWS Console.

Points to double check

I'm unsure on the best way to the handle the default. I've followed the multipart_upload de facto in the app. I'm happy to change this if required or if it will impact elsewhere e.g. omnibus packages

I also think I've managed to catch all of the documentation for this change as well.

Why is this required

Many enterprises require good backup support but also for this to be encrypted. By default backups aren't encrypted, this allows at rest encryption to be supported in GitLab backups providing a layer of security should the physical media not be properly disposed of.

Relates to issue #2478 (closed).

Add support for AWS S3 Server-Side Encryption support

Points to double check

Why is this required

Merge request reports