Is GitLab.com Encrypted?

My company is considering using GitLab.com for our git repository. Before we can do this, we need to know… Will our uploaded code be encrypted? It seems like it should be, and Merge Request 1280 seems to allude to the fact that it does support Server-Side Encryption, however this is a merge only for GitLab CE. It is my understanding that GitLab.com is an AWS instance running GitLab EE.

It does not seem that there is any readily visible documentation anywhere which states “Your files are safe on our servers, and reasonably well protected by (some type of) encryption.” It seems that GitLab is a “tall poppy” so to speak, as it hosts quite a bit of IP, and we want to make sure that if there was a security breach, our files are not sitting as plaintext amongst many other projects.

Thank you in advance for the answer!

Kyle Nahas

1 Like

Hi Kyle,

GitLab does not currently offer server-side encryption. GitLab.com runs on Azure not AWS using GitLab EE. We have seperate storage servers and implement security measures to ensure these are sufficiently protected.

If you’re looking at keeping your data well protected, we recommend installing your own GitLab EE instance and self-managing the server.

Thanks,

Since migrating from Azure to GCP, all GitLab.com data is encrypted on the server-side :lock:.

3 Likes

More specific question around GCP in 2020

Thanks Greg, a further (frequently asked) question is just posted at How is gitlab.com encrypted on GCP at rest as of 2020?