I have the requirement to encrypt Gitlab backup data at rest. Has anyone found a way using Omnibus Gitlab to configure the gitlab:backup to upload the backup archive to an AWS S3 bucket requesting server side encryption as described here: Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys?
I’ve configured the upload successfully without server side encryption by following the Upload backups to remote (cloud) storage instructions in the Gitlab documentation. However, I have been unable to find the proper way to request server side encryption by sending the “x-amz-server-side-encryption” header as described in the above Amazon article.
I would prefer to do this the ‘Gitlab way’ rather than to install and run AWS Sync (or a similar tool) as described in AWS Sync to accomplish the upload after the backup is written to the local server’s backup directory.