From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
---|---|
To: | "Dischner, Anton" <Anton(dot)Dischner(at)med(dot)uni-muenchen(dot)de> |
Cc: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: Encryption in pg_dump |
Date: | 2020-07-24 17:12:24 |
Message-ID: | CAMkU=1x+Tb3eGZCyqHsw3LHh8vH3PNSfJgE5xXAO_8Jzv9ZTsg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Thu, Jul 23, 2020 at 3:05 AM Dischner, Anton <
Anton(dot)Dischner(at)med(dot)uni-muenchen(dot)de> wrote:
> Hi Olivier,
>
>
>
> thanks for your hint which is better than my approach.
>
>
>
> I did somthing like:
>
>
>
> /usr/bin/pg_dumpall --username=postgres | bzip2 >
> /var/lib/postgresql/backup/"`date +%d-%m-%Y_%H:%M:%S`-"backup_all.sql.bz2
>
>
>
> To use encryption: [DRAFT]
>
>
>
> tar -czf - ttt | openssl enc -e -aes-256-cbc -pass pass:test -out ttt.tgz
>
> openssl enc -d -aes-256-cbc -pass pass:test -in ttt.tgz | tar xz
>
>
>
> As mentioned obove it makes no sense to store the PW in the script.
>
It does make sense as long as the script is not stored with the encrypted
file, but rather only with the unencrypted server (plus backed up someplace
else, like on a piece of paper in a safe offsite)
But you can use asymmetric (public key) encryption if you don't want the
backing-up user to be able to decrypt at all:
pg_dumpall | gpg --encrypt --recipient ciso(at)example(dot)com > backup.gpg
Cheers,
Jeff
>
From | Date | Subject | |
---|---|---|---|
Next Message | Imre Samu | 2020-07-24 17:20:08 | Re: Checking for valid UUID values? |
Previous Message | Wells Oliver | 2020-07-24 17:02:18 | Checking for valid UUID values? |