Introduce consolidated object storage for backups to enable encrypted S3 buckets for backups

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

This feature proposal seeks to:

• introduce consolidated object storage for backups
• in order to permit the usage of encrypted S3 buckets for backups

Based on this table, backups are not supported by consolidated storage configuration. We note that consolidated object storage configuration has a number of advantages, including:

It enables the use of encrypted S3 buckets.

User experience goal

The user should be able to use consolidated object storage and AWS SSE-S3 or SSE-KMS for GitLab backup files.

Proposal

• Add support for consolidated object storage
• Add support for kms_key_id in backups, which sends the x-amz-server-side-encryption-aws-kms-key-id header.

Further details

Customers have expressed a desire to encrypt all data that is stored in object storage. Bringing consolidated object storage to backups will permit them to make use of consolidated object storage and encrypted S3 bucktes. In this table, backups and Mattermost are the two items that do not currently support consolidated object storage.

Documentation

Things that will need to be updated include:

• https://docs.gitlab.com/ee/administration/object_storage.html#storage-specific-configuration -> to note Yes for backups
• https://docs.gitlab.com/ee/administration/object_storage.html#consolidated-object-storage-configuration -> to include example config

Availability & Testing

Available Tier

• Free
• Premium/Silver
• Ultimate/Gold

What does success look like, and how can we measure that?

Users can make use of consolidated object storage and encrypted S3 buckets for backups.

What is the type of buyer?

• Skyler
• Kennedy

Is this a cross-stage feature?

I don't believe so.

Links / references

• #22200 (closed)