opensoul.org

Secure Backups with GPG

July 6, 2006 life 2 min read

Recently I had a client who wanted to store server backups on their hosting provider’s FTP server. The only problem is that those backups contained confidential customer data. So I came up with the idea of using a public GPG key to encrypt backups before copying them to the FTP server.

A little searching revealed that a lot of other people have also used this method. A great guide for getting set up to do this can be found here.

I already had a GPG key pair, so all I had to do was import my public key on the server, change the trust settings, and write a few bash scripts to dump the DB, create an encrypted tar archive, and FTP it.

Here are the commands I used to encrypt the database dump and tar archive:

# dump PostgreSQL data and encrypt it
pg_dump dbname | gpg -r C0E3268C -e -o /tmp/backup.sql.gpg

# tar the directories I want to backup and encrypt them
tar -c /var /etc | gpg -r C0E3268C -e -o /tmp/backup.tar.gpg
This content is open source. Suggest Improvements.

@bkeepers

avatar of Brandon Keepers I am Brandon Keepers, and I work at GitHub on making Open Source more approachable, effective, and ubiquitous. I tend to think like an engineer, work like an artist, dream like an astronaut, love like a human, and sleep like a baby.