diff options
| author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-09-29 10:31:42 +0000 |
|---|---|---|
| committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-09-29 10:31:42 +0000 |
| commit | 958af6f5c220731a2ee274c343d818751d388762 (patch) | |
| tree | 5e7ee7ac61880b93dd6db26cd772cc97483998d8 /lib | |
| parent | e1b7fcedfb24353c857a160cd0c981f02fb2542a (diff) | |
| parent | 253d2320ab3d3473509d6abe4a62be90428f20c4 (diff) | |
| download | gitlab-ce-958af6f5c220731a2ee274c343d818751d388762.tar.gz | |
Merge branch 'master' into 'master'
Add support for AWS S3 Server-Side Encryption support
This adds support for AWS S3 SSE with S3 managed keys, this means the
data is encrypted at rest and the encryption is handled transparently to
the end user as well as in the AWS Console.
## Points to double check
I'm unsure on the best way to the handle the default. I've followed the `multipart_upload` de facto in the app. I'm happy to change this if required or if it will impact elsewhere e.g. omnibus packages
I also think I've managed to catch all of the documentation for this change as well.
### Why is this required
Many enterprises require good backup support but also for this to be encrypted. By default backups aren't encrypted, this allows at rest encryption to be supported in GitLab backups providing a layer of security should the physical media not be properly disposed of.
Relates to issue #2478.
See merge request !1280
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/backup/manager.rb | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb index ac63f89c6ec..5c42f25f4a2 100644 --- a/lib/backup/manager.rb +++ b/lib/backup/manager.rb @@ -45,7 +45,8 @@ module Backup directory = connection.directories.get(remote_directory) if directory.files.create(key: tar_file, body: File.open(tar_file), public: false, - multipart_chunk_size: Gitlab.config.backup.upload.multipart_chunk_size) + multipart_chunk_size: Gitlab.config.backup.upload.multipart_chunk_size, + encryption: Gitlab.config.backup.upload.encryption) $progress.puts "done".green else puts "uploading backup to #{remote_directory} failed".red @@ -55,7 +56,7 @@ module Backup def cleanup $progress.print "Deleting tmp directories ... " - + backup_contents.each do |dir| next unless File.exist?(File.join(Gitlab.config.backup.path, dir)) @@ -75,7 +76,7 @@ module Backup if keep_time > 0 removed = 0 - + Dir.chdir(Gitlab.config.backup.path) do file_list = Dir.glob('*_gitlab_backup.tar') file_list.map! { |f| $1.to_i if f =~ /(\d+)_gitlab_backup.tar/ } |