opensoul.org

Secure Backups with GPG

Recently I had a client who wanted to store server backups on their hosting provider’s FTP server. The only problem was that those backups contained confidential customer data. So I came up with the idea of using a public GPG key to encrypt backups before copying them to the FTP server.

A little searching revealed that a lot of other people have also used this method. A great guide for getting set up to do this can be found here.

I already had a GPG key pair, so all I had to do was import my public key on the server, change the trust settings, and write a few bash scripts to dump the DB, create an encrypted tar archive, and FTP it.

Here are the commands I used to encrypt the database dump and tar archive:

    # dump PostgreSQL data and encrypt it
    pg_dump dbname | gpg -r C0E3268C -e -o /tmp/backup.sql.gpg

    # tar the directories I want to backup and encrypt them
    tar -c /var /etc | gpg -r C0E3268C -e -o /tmp/backup.tar.gpg
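
A pipeline like the ones above reports only gpg's exit status, so a failed `pg_dump` would still leave a well-formed encrypted file behind. The following added example (not the author's script) wraps the same two commands so that a backup is published only when both the producer and gpg succeed, and first checks that the server holds no secret key for the recipient. `GPG_BIN`, `RECIPIENT`, the `run` argument and the function names are assumptions; the key ID and paths are the ones from the post.

```sh
#!/bin/sh
# Added example, not the author's script. Key ID and /tmp paths are from the
# post; GPG_BIN, RECIPIENT and the "run" argument are assumptions.
GPG_BIN="${GPG_BIN:-gpg}"
RECIPIENT="${RECIPIENT:-C0E3268C}"
umask 077   # backup files readable by the backup user only

# Succeeds only if this host has NO secret key for RECIPIENT, i.e. the
# server can create backups but cannot decrypt them.
assert_public_only() {
    if "$GPG_BIN" --batch --list-secret-keys "$RECIPIENT" >/dev/null 2>&1; then
        echo "secret key for $RECIPIENT found on this host" >&2
        return 1
    fi
}

# encrypt_stream OUT CMD [ARGS...]
# Encrypts CMD's stdout to RECIPIENT and publishes OUT only when both CMD
# and gpg exit 0. A bare "cmd | gpg" returns gpg's status alone, so a
# failed pg_dump would still leave a well-formed but truncated .gpg file.
encrypt_stream() {
    out=$1; shift
    tmp="$out.partial"; st="$out.status"; gpg_rc=0
    rm -f "$tmp" "$st"
    { "$@"; echo "$?" > "$st"; } |
        "$GPG_BIN" --batch -r "$RECIPIENT" -e -o "$tmp" || gpg_rc=$?
    cmd_rc=$(cat "$st" 2>/dev/null || echo 1)
    rm -f "$st"
    if [ "$gpg_rc" -ne 0 ] || [ "$cmd_rc" -ne 0 ]; then
        rm -f "$tmp"
        echo "backup failed: producer=$cmd_rc gpg=$gpg_rc" >&2
        return 1
    fi
    mv "$tmp" "$out"
}

# Usage: sh backup.sh run
if [ "${1:-}" = "run" ]; then
    assert_public_only || exit 1
    encrypt_stream /tmp/backup.sql.gpg pg_dump dbname || exit 1
    # Note: GNU tar exits 1 if a file changes while being read.
    encrypt_stream /tmp/backup.tar.gpg tar -cf - /var /etc || exit 1
fi
```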

gpg and security July 06, 2006

3 Comments

  1. Grant McInnes July 7, 2006

    You might also want to investigate ‘duplicity’ – a python script which wraps ssh, gpg and rsync to do incremental backups – saves a lot of bandwidth along the way.

    http://www.nongnu.org/duplicity/

  2. brandon July 7, 2006

    Thanks for the pointer, I’ll have to try it out. I use rsync and hard links (similar to this) for my own backups.

  3. […] Secure Backups with GPG (tags: sysadmin backup security crypto) […]

My name is Brandon Keepers. I like to build things, usually in Ruby or JavaScript. I work at GitHub and live in Holland, MI.
