Add S3 server side encryption settings (!1549) · Merge requests · GitLab.org / charts / GitLab Chart

Stan Hu requested to merge sh-add-s3-storage-options into master Sep 07, 2020

Prior to this change, uploads to AWS S3 were only encrypted on the server if a default encryption were specified on the bucket.

With this change, admins can now configure the encryption and the AWS Key Management Service (KMS) key ID, and the configuration will be used in uploads. Bucket policies to enforce encryption can now be used since Workhorse sends the required headers (x-amz-server-side-encryption and x-amz-server-side-encryption-aws-kms-key-id). The bucket policy cannot be enforced with default encryption, since that is applied after the check.

Related merge requests:

gitlab-org/gitlab!38240 (merged)
gitlab-org/gitlab-workhorse!537 (merged)

Part of gitlab-org/gitlab#22200 (closed)

Relates to #1012 (closed)

Edited Sep 10, 2020 by Stan Hu

Add S3 server side encryption settings

Merge request reports