Re: [S3tools-general] client side backup

Thu, 03 Sep 2015 14:54:07 -0700 

On Thu, 2015-09-03 at 21:47 +0100, Dan Tagg wrote:
> Hi,
> 
> s3cmd is great, I use it to backup most of my projects. But with this
> one I am having some difficulty. I really need the data to be
> encrypted on its way to s3 and inside. Can anyone offer me advice on
> how to do that securely...
> 
> When I run
> 
> s3cmd sync --server-side-encryption --recursive -v -v -v /backups
> s3://conciliation-backup/mars-org/today/
> 
> I get the following response
> 
> INFO: Compiling list of local files...
> INFO: Running stat() and reading/calculating MD5 values on 1 files,
> this may take some time...
> INFO: Retrieving list of remote files for s3://conciliation
> -backup/mars-org/today/ ...
> ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:581)
> 
> If I monkey patch ssl as described here 
> https://www.python.org/dev/peps/pep-0476/ then I can use https
> without the error, but I think that is only working by not checking
> properly. 
> 
> I can only find other people having similar problems when they use s3
> services they are hosting themselves rather than amazon's 
> 
> I am running
> 
> s3cmd version 1.5.0-rc1
> Python 2.7.9 (default, Mar  1 2015, 12:57:24) 
> [GCC 4.9.2] on linux2
> 
> inside a docker container that is built using
> 
> FROM postgres
> RUN apt-get update && apt-get install -y \
>   s3cmd
> ADD root/* /root/
> RUN mkdir -p /backups/sql
> CMD python /root/backup.py
> 
> I am using the postgres container so it has the right version of
> pg_dump to dump from the database.
> 
> I need the data to be encrypted on its way to s3 and inside. Can
> anyone offer me advice on how to do that securely.
> 
> Thanks
> 
> Dan

After backing up the database, but before sending the backup to S3,
encrypt the file yourself, for example with gpg.  Then you don't have
to use server side encryption.  Of course, you will need to decrypt it
when you restore from backup.
    John Sauter (john_sau...@systemeyescomputerstore.com)
-- 
PGP fingerprint = E24A D25B E5FE 4914 A603  49EC 7030 3EA1
9A0B 511E

Attachment: signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________
S3tools-general mailing list
S3tools-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/s3tools-general

Reply via email to