2026-01-18 13:58:25 +00:00 · 2017-12-29 16:26:41 +01:00 · 2017-12-29 16:26:41 +01:00 · 5ea41eb3d6
commit 5ea41eb3d6
parent 94d5f687df
4 changed files with 13 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -1027,6 +1027,7 @@ Below is the complete list of available options that can be used to customize yo
 | `AWS_BACKUP_SECRET_ACCESS_KEY` | AWS secret access key. No defaults. |
 | `AWS_BACKUP_BUCKET` | AWS bucket for backup uploads. No defaults. |
 | `AWS_BACKUP_MULTIPART_CHUNK_SIZE` | Enables mulitpart uploads when file size reaches a defined size. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) |
+| `AWS_BACKUP_ENCRYPTION`     | Turns on AWS Server-Side Encryption.  Defaults to `false`. See at [AWS s3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) |
 | `GCS_BACKUPS` | Enables automatic uploads to an Google Cloud Storage (GCS) instance. Defaults to `false`.  |
 | `GCS_BACKUP_ACCESS_KEY_ID` | GCS access key id. No defaults |
 | `GCS_BACKUP_SECRET_ACCESS_KEY` | GCS secret access key. No defaults |
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@ -512,13 +512,15 @@ production: &base
        aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
      # The remote 'directory' to store your backups. For S3, this would be the bucket name.
      remote_directory: '{{AWS_BACKUP_BUCKET}}'
-      #start-multipart
+      #start-multipart-aws
      # Use multipart uploads when file size reaches 100MB, see
      # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
      multipart_chunk_size: {{AWS_BACKUP_MULTIPART_CHUNK_SIZE}}
-      #end-multipart
-      #   # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
-      #   # encryption: 'AES256'
+      #end-multipart-aws
+      #start-encryption-aws
+      # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
+      encryption: 'AES256'
+      #end-encryption-aws
      # Fog storage connection settings, see http://fog.io/storage/ .
      #end-aws
      #start-gcs
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@ -158,6 +158,7 @@ AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
 AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
 AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
 AWS_BACKUP_MULTIPART_CHUNK_SIZE=${AWS_BACKUP_MULTIPART_CHUNK_SIZE}
+AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}

 ### GCS BACKUPS
 GCS_BACKUPS=${GCS_BACKUPS:-false}
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@ -791,7 +791,11 @@ gitlab_configure_backups_aws() {
    fi

    if [[ -z ${AWS_BACKUP_MULTIPART_CHUNK_SIZE} ]]; then
-      exec_as_git sed -i "/#start-multipart/,/#end-multipart/d" ${GITLAB_CONFIG}
+      exec_as_git sed -i "/#start-multipart-aws/,/#end-multipart-aws/d" ${GITLAB_CONFIG}
+    fi
+
+    if [[ ${AWS_BACKUP_ENCRYPTION} != true ]]; then
+      exec_as_git sed -i "/#start-encryption-aws/,/#end-encryption-aws/d" ${GITLAB_CONFIG}
    fi

    if [[ -z ${AWS_BACKUP_REGION} && -z ${AWS_BACKUP_ENDPOINT} ]]; then