Add support for specifying AWS Server Side Encryption (AWS-KMS) (!38240) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-s3-encryption into master Jul 29, 2020

Prior to this change, uploads to AWS S3 were only encrypted on the server if a default encryption were specified on the bucket.

With this change, admins can now configure the encryption and the AWS Key Management Service (KMS) key ID in GitLab Rails, and the configuration will be used in uploads. Bucket policies to enforce encryption can now be used since Workhorse sends the required headers (x-amz-server-side-encryption and x-amz-server-side-encryption-aws-kms-key-id).

This also refactors the object storage config parsing.

This requires gitlab-workhorse!537 (merged) to work.

Relates to #22200 (closed)

Edited Aug 04, 2020 by Stan Hu

Add support for specifying AWS Server Side Encryption (AWS-KMS)

Merge request reports