Add support for AWS S3 Server-Side Encryption support

This adds support for AWS S3 SSE with S3 managed keys, this means the data is encrypted at rest and the encryption is handled transparently to the end user as well as in the AWS Console. This is optional and not required to make S3 uploads work.
author: Paul Beattie <paul@paul-beattie.com> 2015-09-10 16:57:43 +0100
committer: Paul Beattie <paul@paul-beattie.com> 2015-09-25 17:06:31 +0100
commit: 253d2320ab3d3473509d6abe4a62be90428f20c4 (patch)
tree: 4d30261c81ddb3e93f70b12101701735ed033844 /config
parent: b623391720e2687ca88c6bf1166ee571d85807fa (diff)
download: gitlab-ce-253d2320ab3d3473509d6abe4a62be90428f20c4.tar.gz
2 files changed, 17 insertions, 14 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 15930fc9079..c7174f86014 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -159,7 +159,7 @@ production: &base
         method: 'plain' # "tls" or "ssl" or "plain"
         bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
         password: '_the_password_of_the_bind_user'
-          
+
         # This setting specifies if LDAP server is Active Directory LDAP server.
         # For non AD servers it skips the AD specific queries.
         # If your LDAP server is not AD, set this to false.
@@ -204,13 +204,13 @@ production: &base
           # The username will be used in paths for the user's own projects
           # (like `gitlab.example.com/username/project`) and when mentioning
           # them in issues, merge request and comments (like `@username`).
-          # If the attribute specified for `username` contains an email address, 
+          # If the attribute specified for `username` contains an email address,
           # the GitLab username will be the part of the email address before the '@'.
           username: ['uid', 'userid', 'sAMAccountName']
           email:    ['mail', 'email', 'userPrincipalName']
 
           # If no full name could be found at the attribute specified for `name`,
-          # the full name is determined using the attributes specified for 
+          # the full name is determined using the attributes specified for
           # `first_name` and `last_name`.
           name:       'cn'
           first_name: 'givenName'
@@ -252,28 +252,28 @@ production: &base
     # arguments, followed by optional 'args' which can be either a hash or an array.
     # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
     providers:
-      # - { name: 'google_oauth2', 
+      # - { name: 'google_oauth2',
       #     label: 'Google',
-      #     app_id: 'YOUR_APP_ID', 
+      #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET',
       #     args: { access_type: 'offline', approval_prompt: '' } }
-      # - { name: 'twitter', 
-      #     app_id: 'YOUR_APP_ID', 
+      # - { name: 'twitter',
+      #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET' }
-      # - { name: 'github', 
+      # - { name: 'github',
       #     label: 'GitHub',
-      #     app_id: 'YOUR_APP_ID', 
+      #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET',
       #     args: { scope: 'user:email' } }
-      # - { name: 'gitlab', 
+      # - { name: 'gitlab',
       #     label: 'GitLab.com',
-      #     app_id: 'YOUR_APP_ID', 
+      #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET',
       #     args: { scope: 'api' } }
-      # - { name: 'bitbucket', 
-      #     app_id: 'YOUR_APP_ID', 
+      # - { name: 'bitbucket',
+      #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET' }
-      # - { name: 'saml', 
+      # - { name: 'saml',
       #     label: 'Our SAML Provider',
       #     args: {
       #             assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
@@ -319,6 +319,8 @@ production: &base
     #   # Use multipart uploads when file size reaches 100MB, see
     #   #  http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
     #   multipart_chunk_size: 104857600
+    #   # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
+    #   # encryption: 'AES256'
 
   ## GitLab Shell settings
   gitlab_shell:
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 48601b67335..4e4a8ecbdb3 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -229,6 +229,7 @@ if Settings.backup['upload']['connection']
   Settings.backup['upload']['connection'] = Hash[Settings.backup['upload']['connection'].map { |k, v| [k.to_sym, v] }]
 end
 Settings.backup['upload']['multipart_chunk_size'] ||= 104857600
+Settings.backup['upload']['encryption'] ||= nil
 
 #
 # Git
author	Paul Beattie <paul@paul-beattie.com>	2015-09-10 16:57:43 +0100
committer	Paul Beattie <paul@paul-beattie.com>	2015-09-25 17:06:31 +0100
commit	253d2320ab3d3473509d6abe4a62be90428f20c4 (patch)
tree	4d30261c81ddb3e93f70b12101701735ed033844 /config
parent	b623391720e2687ca88c6bf1166ee571d85807fa (diff)
download	gitlab-ce-253d2320ab3d3473509d6abe4a62be90428f20c4.tar.gz