Support S3's Customer Managed Keys for Distributed Cache
Description
A GitLab Premium customer reports internally that default S3-SSE keys are not sufficient for them:
… custom KMS customer-managed key … is a requirement for our organization.
And notes that
… Runner Manager instance IAM Instance Profile [already] allows decryption using that key
Proposal
Implement support for CMKs when Runners access the cache via S3.
Links to related issues and merge requests / references
- Previous comment on wrong issue: gitlab#226006 (comment 674321826)
- Recent GET work on KMS for "data at rest" in RDS: https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/247