-
Stan Hu authored
Prior to this change, uploads to AWS S3 were only encrypted on the server if a default encryption were specified on the bucket. With this change, admins can now configure the encryption and the AWS Key Management Service (KMS) key ID in GitLab Rails, and the configuration will be used in uploads. Bucket policies to enforce gencryption can now be used since Workhorse sends the required headers (`x-amz-server-side-encryption` and `x-amz-server-side-encryption-aws-kms-key-id`). This also refactors the object storage config parsing. This requires https://gitlab.com/gitlab-org/gitlab-workhorse/-/merge_requests/537 to work. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/22200
ba8654a2