Add support for AWS S3 Server-Side Encryption support
This adds support for AWS S3 SSE with S3 managed keys, this means the data is encrypted at rest and the encryption is handled transparently to the end user as well as in the AWS Console. This is optional and not required to make S3 uploads work.
This commit is contained in:
parent
b623391720
commit
253d2320ab
|
@ -24,6 +24,7 @@ v 8.0.2 (unreleased)
|
|||
- Use standard Markdown font in Markdown preview instead of fixed-width font (Stan Hu)
|
||||
- Fix Reply by email for non-UTF-8 messages.
|
||||
- Add option to use StartTLS with Reply by email IMAP server.
|
||||
- Allow AWS S3 Server-Side Encryption with Amazon S3-Managed Keys for backups (Paul Beattie)
|
||||
|
||||
v 8.0.1
|
||||
- Remove git refs used internally by GitLab from network graph (Stan Hu)
|
||||
|
|
|
@ -319,6 +319,8 @@ production: &base
|
|||
# # Use multipart uploads when file size reaches 100MB, see
|
||||
# # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
|
||||
# multipart_chunk_size: 104857600
|
||||
# # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
|
||||
# # encryption: 'AES256'
|
||||
|
||||
## GitLab Shell settings
|
||||
gitlab_shell:
|
||||
|
|
|
@ -229,6 +229,7 @@ if Settings.backup['upload']['connection']
|
|||
Settings.backup['upload']['connection'] = Hash[Settings.backup['upload']['connection'].map { |k, v| [k.to_sym, v] }]
|
||||
end
|
||||
Settings.backup['upload']['multipart_chunk_size'] ||= 104857600
|
||||
Settings.backup['upload']['encryption'] ||= nil
|
||||
|
||||
#
|
||||
# Git
|
||||
|
|
|
@ -95,6 +95,8 @@ For installations from source:
|
|||
aws_secret_access_key: 'secret123'
|
||||
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
|
||||
remote_directory: 'my.s3.bucket'
|
||||
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
|
||||
# encryption: 'AES256'
|
||||
```
|
||||
|
||||
If you are uploading your backups to S3 you will probably want to create a new
|
||||
|
|
|
@ -45,7 +45,8 @@ module Backup
|
|||
directory = connection.directories.get(remote_directory)
|
||||
|
||||
if directory.files.create(key: tar_file, body: File.open(tar_file), public: false,
|
||||
multipart_chunk_size: Gitlab.config.backup.upload.multipart_chunk_size)
|
||||
multipart_chunk_size: Gitlab.config.backup.upload.multipart_chunk_size,
|
||||
encryption: Gitlab.config.backup.upload.encryption)
|
||||
$progress.puts "done".green
|
||||
else
|
||||
puts "uploading backup to #{remote_directory} failed".red
|
||||
|
|
Loading…
Reference in New Issue