Merge branch 'master' into 'master'

Add support for AWS S3 Server-Side Encryption support

This adds support for AWS S3 SSE with S3 managed keys, this means the
data is encrypted at rest and the encryption is handled transparently to
the end user as well as in the AWS Console.

## Points to double check
I'm unsure on the best way to the handle the default. I've followed the `multipart_upload` de facto in the app. I'm happy to change this if required or if it will impact elsewhere e.g. omnibus packages

I also think I've managed to catch all of the documentation for this change as well.

### Why is this required
Many enterprises require good backup support but also for this to be encrypted. By default backups aren't encrypted, this allows at rest encryption to be supported in GitLab backups providing a layer of security should the physical media not be properly disposed of.

Relates to issue #2478.


See merge request !1280

1 files changed, 2 insertions, 0 deletions

diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md
index 4ff5e74d438..b212964436f 100644
--- a/doc/raketasks/backup_restore.md
+++ b/doc/raketasks/backup_restore.md
@@ -95,6 +95,8 @@ For installations from source:
         aws_secret_access_key: 'secret123'
       # The remote 'directory' to store your backups. For S3, this would be the bucket name.
       remote_directory: 'my.s3.bucket'
+      # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
+      # encryption: 'AES256'
 ```
 
 If you are uploading your backups to S3 you will probably want to create a new