What’s the most recommended way to encrypt a db backup now days? Still gpg? For sure looking for public/private as don’t want my worker doing the backup and shipping it to storage to have a key to decrypt it.
But problem comes if I ever want to automate a restore in anyway.. 😶
@eletrotupi I’ve definitely seen this one before. Actually have in mind for my personal backups. In my case on a worker I’m getting a gzip archive output to stdout from the database dump. Might be able to make borg work. 🤔
@mookie I’d be shipping off to an s3 compatible store. The output of the backup is actually very dynamic and will go to semi dynamic stores and will happen on a random worker. So ideally looking for something to handle just encryption.
I’ve looked at rclone but couldn’t determine exactly what it was doing encryption wise. Looks like some sort of asymmetrical?
@brian gotta say compared to rclone the simplicity shown on their page definitely would beat it out for backing up files. I think this is up in one of my 100s of tabs from someone’s toot or tweet from a while back. For sure need to file it away. Maybe creating a list of some of these
Turned out to be rock solid for me. You can obviously replace backblaze with whatever you like. Also the Ansible role linked is even more configurable to use different keys for encryption and signing.
I started to add my private OpenPGP key as encryption target in order to make sure I can always decrypt the backups.
@utzer it technically could. But I have more of a many worker sort of setup and the backup job happens in a container. Borg does look interesting for pet server or personal laptop situation though
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.