Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
9caefb34
Commit
9caefb34
authored
Jan 09, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab-ce master
parents
d5333443
3f01f0c5
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
17 additions
and
0 deletions
+17
-0
changelogs/unreleased/backup_aws_sse-c.yml
changelogs/unreleased/backup_aws_sse-c.yml
+5
-0
config/gitlab.yml.example
config/gitlab.yml.example
+4
-0
config/initializers/1_settings.rb
config/initializers/1_settings.rb
+1
-0
doc/raketasks/backup_restore.md
doc/raketasks/backup_restore.md
+5
-0
lib/backup/manager.rb
lib/backup/manager.rb
+1
-0
spec/lib/backup/manager_spec.rb
spec/lib/backup/manager_spec.rb
+1
-0
No files found.
changelogs/unreleased/backup_aws_sse-c.yml
0 → 100644
View file @
9caefb34
title
:
Add support for customer provided encryption keys for Amazon S3 remote backups
merge_request
:
23797
author
:
Pepijn Van Eeckhoudt
type
:
added
config/gitlab.yml.example
View file @
9caefb34
...
@@ -771,6 +771,10 @@ production: &base
...
@@ -771,6 +771,10 @@ production: &base
# multipart_chunk_size: 104857600
# multipart_chunk_size: 104857600
# # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
# # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
# # encryption: 'AES256'
# # encryption: 'AES256'
# # Turns on AWS Server-Side Encryption with Amazon Customer-Provided Encryption Keys for backups, this is optional
# # This should be set to the 256-bit, base64-encoded encryption key for Amazon S3 to use to encrypt or decrypt your data.
# # 'encryption' must also be set in order for this to have any effect.
# # encryption_key: '<base64 key>'
# # Specifies Amazon S3 storage class to use for backups, this is optional
# # Specifies Amazon S3 storage class to use for backups, this is optional
# # storage_class: 'STANDARD'
# # storage_class: 'STANDARD'
...
...
config/initializers/1_settings.rb
View file @
9caefb34
...
@@ -467,6 +467,7 @@ Settings.backup['archive_permissions'] ||= 0600
...
@@ -467,6 +467,7 @@ Settings.backup['archive_permissions'] ||= 0600
Settings
.
backup
[
'upload'
]
||=
Settingslogic
.
new
({
'remote_directory'
=>
nil
,
'connection'
=>
nil
})
Settings
.
backup
[
'upload'
]
||=
Settingslogic
.
new
({
'remote_directory'
=>
nil
,
'connection'
=>
nil
})
Settings
.
backup
[
'upload'
][
'multipart_chunk_size'
]
||=
104857600
Settings
.
backup
[
'upload'
][
'multipart_chunk_size'
]
||=
104857600
Settings
.
backup
[
'upload'
][
'encryption'
]
||=
nil
Settings
.
backup
[
'upload'
][
'encryption'
]
||=
nil
Settings
.
backup
[
'upload'
][
'encryption_key'
]
||=
ENV
[
'GITLAB_BACKUP_ENCRYPTION_KEY'
]
Settings
.
backup
[
'upload'
][
'storage_class'
]
||=
nil
Settings
.
backup
[
'upload'
][
'storage_class'
]
||=
nil
#
#
...
...
doc/raketasks/backup_restore.md
View file @
9caefb34
...
@@ -311,6 +311,11 @@ For installations from source:
...
@@ -311,6 +311,11 @@ For installations from source:
remote_directory: 'my.s3.bucket'
remote_directory: 'my.s3.bucket'
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
# encryption: 'AES256'
# encryption: 'AES256'
# Turns on AWS Server-Side Encryption with Amazon Customer-Provided Encryption Keys for backups, this is optional
# This should be set to the base64-encoded encryption key for Amazon S3 to use to encrypt or decrypt your data.
# 'encryption' must also be set in order for this to have any effect.
# To avoid storing the key on disk, the key can also be specified via the `GITLAB_BACKUP_ENCRYPTION_KEY` environment variable.
# encryption_key: '<base64 key>'
# Specifies Amazon S3 storage class to use for backups, this is optional
# Specifies Amazon S3 storage class to use for backups, this is optional
# storage_class: 'STANDARD'
# storage_class: 'STANDARD'
```
```
...
...
lib/backup/manager.rb
View file @
9caefb34
...
@@ -50,6 +50,7 @@ module Backup
...
@@ -50,6 +50,7 @@ module Backup
if
directory
.
files
.
create
(
key:
remote_target
,
body:
File
.
open
(
tar_file
),
public:
false
,
if
directory
.
files
.
create
(
key:
remote_target
,
body:
File
.
open
(
tar_file
),
public:
false
,
multipart_chunk_size:
Gitlab
.
config
.
backup
.
upload
.
multipart_chunk_size
,
multipart_chunk_size:
Gitlab
.
config
.
backup
.
upload
.
multipart_chunk_size
,
encryption:
Gitlab
.
config
.
backup
.
upload
.
encryption
,
encryption:
Gitlab
.
config
.
backup
.
upload
.
encryption
,
encryption_key:
Gitlab
.
config
.
backup
.
upload
.
encryption_key
,
storage_class:
Gitlab
.
config
.
backup
.
upload
.
storage_class
)
storage_class:
Gitlab
.
config
.
backup
.
upload
.
storage_class
)
progress
.
puts
"done"
.
color
(
:green
)
progress
.
puts
"done"
.
color
(
:green
)
else
else
...
...
spec/lib/backup/manager_spec.rb
View file @
9caefb34
...
@@ -266,6 +266,7 @@ describe Backup::Manager do
...
@@ -266,6 +266,7 @@ describe Backup::Manager do
remote_directory:
'directory'
,
remote_directory:
'directory'
,
multipart_chunk_size:
104857600
,
multipart_chunk_size:
104857600
,
encryption:
nil
,
encryption:
nil
,
encryption_key:
nil
,
storage_class:
nil
storage_class:
nil
}
}
)
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment