-
由 Stan Hu 创作于Prior to this change, uploads to AWS S3 were only encrypted on the server if a default encryption were specified on the bucket. With this change, admins can now configure the encryption and the AWS Key Management Service (KMS) key ID in GitLab Rails, and the configuration will be used in uploads. Bucket policies to enforce encryption can now be used since Workhorse sends the required headers (`x-amz-server-side-encryption` and `x-amz-server-side-encryption-aws-kms-key-id`). The bucket policy cannot be enforced with default encryption, since that is applied after the check. This requires the changes in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38240 to work. Part of https://gitlab.com/gitlab-org/gitlab/-/issues/22200
由 Stan Hu 创作于Prior to this change, uploads to AWS S3 were only encrypted on the server if a default encryption were specified on the bucket. With this change, admins can now configure the encryption and the AWS Key Management Service (KMS) key ID in GitLab Rails, and the configuration will be used in uploads. Bucket policies to enforce encryption can now be used since Workhorse sends the required headers (`x-amz-server-side-encryption` and `x-amz-server-side-encryption-aws-kms-key-id`). The bucket policy cannot be enforced with default encryption, since that is applied after the check. This requires the changes in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38240 to work. Part of https://gitlab.com/gitlab-org/gitlab/-/issues/22200
代码所有者
将用户和群组指定为特定文件更改的核准人。 了解更多。