Seamless GitLab backups to object storage
Problem to solve
We currently require manual configuration to set up backups of your GitLab instance. This means configuring not just the job, but also the destination where backups are stored. If you would like to use object storage like S3, it also means setting things up in the AWS console as well as copying a bunch of secrets locally.
It would be great to make this easier, so you can simply opt-in to backups.
Intended users
Further details
Proposal
As part of our broader cloud GitLab services, we should explore a turnkey backup service.
We could:
- Provision an object storage bucket for an instance
- Automatically configure the backup job to store there, as well as set up a cron job to take daily snapshots
- Make it easy to list backups and restore from the CLI
- Show in a cloud console the current backup status, and provide alerts if we did not get the daily snapshot
Permissions and Security
Ensure that the client cannot overwrite, modify, or store arbitrary files here. This would help protect against potential ransomware attacks against the self-managed instance (as the attacker could not compromise or encrypt the backup), and would help ensure this storage is not abused for purposes other than backups.
The attack vector to consider is if a bad actor has compromised all accounts on the GitLab instance, has root access to the box it's hosted on, and has compromised all network traffic in the customer's network. A sort of "diode" should prevent lateral movement of the attacker from that state into the backup snapshots.
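One way to check the "diode" property on S3-style storage, as an added example that is not part of the original proposal: it audits the IAM policy attached to the instance's backup credentials and reports any granted action beyond uploading, listing and restoring snapshots. The bucket name and both policy documents are constructed; the check assumes bucket versioning or Object Lock is enabled so that uploading to an existing key cannot destroy the earlier version, and it does not evaluate Deny statements, conditions or resources.

```python
from fnmatch import fnmatchcase

# Actions the backup client needs: upload a snapshot, list snapshots, restore one.
ALLOWED = {"s3:putobject", "s3:listbucket", "s3:getobject"}

# S3 actions that would let a compromised instance delete snapshots, weaken
# their retention, or change the bucket settings that protect them.
DANGEROUS = {
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
    "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration",
    "s3:PutBucketPolicy", "s3:PutObjectRetention",
    "s3:PutObjectLegalHold", "s3:BypassGovernanceRetention",
}

def _listify(value):
    # IAM allows a single string/statement where a list is also accepted.
    return [value] if isinstance(value, (str, dict)) else list(value)

def diode_violations(policy):
    """Return the sorted actions granted by Allow statements that break the diode."""
    found = set()
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed patterns.
            excluded = [p.lower() for p in _listify(stmt["NotAction"])]
            found |= {a for a in DANGEROUS
                      if not any(fnmatchcase(a.lower(), p) for p in excluded)}
            continue
        for pattern in _listify(stmt.get("Action", [])):
            p = pattern.lower()  # IAM action names are case-insensitive
            hits = {a for a in DANGEROUS if fnmatchcase(a.lower(), p)}
            if not hits and not set("*?") & set(p) and p not in ALLOWED:
                hits = {pattern}  # explicit grant outside the allow-list
            found |= hits
    return sorted(found)

# Constructed sample policies for a hypothetical bucket "example-gitlab-backups".
ARN = "arn:aws:s3:::example-gitlab-backups"
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": [ARN, ARN + "/*"]}]}
DIODE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"], "Resource": ARN + "/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": ARN}]}

if __name__ == "__main__":
    print("weak :", diode_violations(WEAK))
    print("diode:", diode_violations(DIODE))
```

A check like this belongs on the provisioning side, outside the customer's network, since the threat model above assumes everything on the instance is compromised.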