Skip to content

Commit

Permalink
Add AWS_BACKUP_ENCRYPTION ENV to enable aws backup aes encryption bac…
Browse files Browse the repository at this point in the history
…kups

Also refactor the multi part config to match
  • Loading branch information
drubin committed Dec 29, 2017
1 parent 94d5f68 commit 5ea41eb
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 5 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -1027,6 +1027,7 @@ Below is the complete list of available options that can be used to customize yo
| `AWS_BACKUP_SECRET_ACCESS_KEY` | AWS secret access key. No defaults. |
| `AWS_BACKUP_BUCKET` | AWS bucket for backup uploads. No defaults. |
| `AWS_BACKUP_MULTIPART_CHUNK_SIZE` | Enables mulitpart uploads when file size reaches a defined size. See at [AWS S3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) |
| `AWS_BACKUP_ENCRYPTION` | Turns on AWS Server-Side Encryption. Defaults to `false`. See at [AWS s3 Docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) |
| `GCS_BACKUPS` | Enables automatic uploads to an Google Cloud Storage (GCS) instance. Defaults to `false`. |
| `GCS_BACKUP_ACCESS_KEY_ID` | GCS access key id. No defaults |
| `GCS_BACKUP_SECRET_ACCESS_KEY` | GCS secret access key. No defaults |
Expand Down
10 changes: 6 additions & 4 deletions assets/runtime/config/gitlabhq/gitlab.yml
Original file line number Diff line number Diff line change
Expand Up @@ -512,13 +512,15 @@ production: &base
aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory: '{{AWS_BACKUP_BUCKET}}'
#start-multipart
#start-multipart-aws
# Use multipart uploads when file size reaches 100MB, see
# http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
multipart_chunk_size: {{AWS_BACKUP_MULTIPART_CHUNK_SIZE}}
#end-multipart
# # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
# # encryption: 'AES256'
#end-multipart-aws
#start-encryption-aws
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
encryption: 'AES256'
#end-encryption-aws
# Fog storage connection settings, see http://fog.io/storage/ .
#end-aws
#start-gcs
Expand Down
1 change: 1 addition & 0 deletions assets/runtime/env-defaults
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,7 @@ AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
AWS_BACKUP_MULTIPART_CHUNK_SIZE=${AWS_BACKUP_MULTIPART_CHUNK_SIZE}
AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}

### GCS BACKUPS
GCS_BACKUPS=${GCS_BACKUPS:-false}
Expand Down
6 changes: 5 additions & 1 deletion assets/runtime/functions
Original file line number Diff line number Diff line change
Expand Up @@ -791,7 +791,11 @@ gitlab_configure_backups_aws() {
fi

if [[ -z ${AWS_BACKUP_MULTIPART_CHUNK_SIZE} ]]; then
exec_as_git sed -i "/#start-multipart/,/#end-multipart/d" ${GITLAB_CONFIG}
exec_as_git sed -i "/#start-multipart-aws/,/#end-multipart-aws/d" ${GITLAB_CONFIG}
fi

if [[ ${AWS_BACKUP_ENCRYPTION} != true ]]; then
exec_as_git sed -i "/#start-encryption-aws/,/#end-encryption-aws/d" ${GITLAB_CONFIG}
fi

if [[ -z ${AWS_BACKUP_REGION} && -z ${AWS_BACKUP_ENDPOINT} ]]; then
Expand Down

0 comments on commit 5ea41eb

Please sign in to comment.