Support for AWS S3 SSE-KMS when using the object storage to store artifacts
Description
We want to store our artifacts on S3 instead of the disk of our GitLab instance. We have security policies forcing us to store the objects on S3 with SSE enabled. Currently, GitLab doesn't allow passing custom attributes to carrierwave/fog.
Proposal
Edit (2020-07-23): This particular workaround might have worked in the past, but probably will not work with the current version of GitLab.
As a workaround we added the following block inside the object storage class:
    # Attributes fog applies to every object it uploads
    def fog_attributes
      {
        cache_control: 'max-age=315576000',
        encryption: 'AES256', # sent as x-amz-server-side-encryption
        acl: 'private'
      }
    end
I believe it should be handled the same way credentials are managed, and we should be able to configure it from Omnibus.
Links / references
https://docs.gitlab.com/ee/administration/job_artifacts.html#s3-compatible-connection-settings
Edited by Stan Hu
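The workaround above requests `AES256` (S3-managed keys), while the SSE-KMS case in the title needs `aws:kms` and, optionally, a key id. One way configurable attributes could be built and validated, as an added example that is not GitLab's or fog's own code: the settings keys, both function names and the `kms_key_id` attribute name are assumptions, and the key ARN is a constructed placeholder.

```ruby
# Added example. Settings keys and function names are hypothetical.
SSE_ALGORITHMS = %w[AES256 aws:kms].freeze

# Build the hash a fog_attributes override would return, from operator settings.
def sse_fog_attributes(settings)
  algorithm = settings[:server_side_encryption]
  key_id    = settings[:kms_key_id]

  # Fail closed: never fall back to an unencrypted upload.
  unless SSE_ALGORITHMS.include?(algorithm)
    raise ArgumentError,
          "server_side_encryption must be one of: #{SSE_ALGORITHMS.join(', ')}"
  end
  # A key id is only meaningful for SSE-KMS; reject the mismatch early.
  if key_id && algorithm != 'aws:kms'
    raise ArgumentError, 'kms_key_id requires server_side_encryption "aws:kms"'
  end

  attrs = { acl: 'private', encryption: algorithm }
  # kms_key_id is assumed to be the fog attribute that carries the key id.
  attrs[:kms_key_id] = key_id if key_id
  attrs
end

# The S3 request headers those attributes correspond to.
def sse_headers(attrs)
  headers = { 'x-amz-server-side-encryption' => attrs.fetch(:encryption) }
  if attrs[:kms_key_id]
    headers['x-amz-server-side-encryption-aws-kms-key-id'] = attrs[:kms_key_id]
  end
  headers
end

if __FILE__ == $PROGRAM_NAME
  # Constructed placeholder ARN, not a real key.
  kms = { server_side_encryption: 'aws:kms',
          kms_key_id: 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID' }
  p sse_headers(sse_fog_attributes(kms))
  p sse_headers(sse_fog_attributes({ server_side_encryption: 'AES256' }))
end
```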