Add Support for Encryption in MinIO Configuration for Gitea

[eyeteekay]

Feature Description

Summary

Gitea currently supports using MinIO as an object storage backend. However, the documentation does not indicate whether server-side encryption (SSE), particularly SSE-C, is supported. SSE-C is important for users who want to manage their own encryption keys for enhanced data security.

MinIO supports SSE-C encryption out of the box, which allows clients to retain full control of their encryption keys. If Gitea could be configured to leverage this feature, it would greatly enhance the security capabilities for users relying on MinIO as their object storage backend.

Additionally, updating the documentation to include configuration details for SSE-C would provide clear guidance for users.

Why is this feature important?

Encryption is a crucial part of securing object storage, especially for sensitive data. SSE-C allows users to maintain full control of their encryption keys, aligning with compliance requirements and security best practices.

Adding support for and documenting the use of SSE-C in the MinIO configuration will:

• Enhance the security capabilities of Gitea.
• Provide clarity for users seeking encrypted storage solutions.
• Align Gitea with security-conscious user requirements.

Resources

• https://docs.gitea.com/administration/config-cheat-sheet#minio-storage-configuration-storage_minio
• https://min.io/docs/minio/linux/administration/server-side-encryption/server-side-encryption-sse-c.html

Proposal

• Investigate whether Gitea can currently be configured to support MinIO’s SSE-C feature.
• If not already supported, add functionality to allow users to specify the necessary settings for SSE-C in the configuration file.
• Update the documentation to include a detailed guide on how to configure Gitea with MinIO for SSE-C encryption.

My Contribution

If there is a way to configure Gitea to use SSE-C, I would happily contribute to the documentation.

Screenshots

No response