V1.5.2 has fixes for ssl certificate validation. On Sep 3, 2015 4:37 PM, "John Sauter" < john_sau...@systemeyescomputerstore.com> wrote:
> On Thu, 2015-09-03 at 21:47 +0100, Dan Tagg wrote: > > Hi, > > > > s3cmd is great, I use it to backup most of my projects. But with this > > one I am having some difficulty. I really need the data to be > > encrypted on its way to s3 and inside. Can anyone offer me advice on > > how to do that securely... > > > > When I run > > > > s3cmd sync --server-side-encryption --recursive -v -v -v /backups > > s3://conciliation-backup/mars-org/today/ > > > > I get the following response > > > > INFO: Compiling list of local files... > > INFO: Running stat() and reading/calculating MD5 values on 1 files, > > this may take some time... > > INFO: Retrieving list of remote files for s3://conciliation > > -backup/mars-org/today/ ... > > ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed > > (_ssl.c:581) > > > > If I monkey patch ssl as described here > > https://www.python.org/dev/peps/pep-0476/ then I can use https > > without the error, but I think that is only working by not checking > > properly. > > > > I can only find other people having similar problems when they use s3 > > services they are hosting themselves rather than amazon's > > > > I am running > > > > s3cmd version 1.5.0-rc1 > > Python 2.7.9 (default, Mar 1 2015, 12:57:24) > > [GCC 4.9.2] on linux2 > > > > inside a docker container that is built using > > > > FROM postgres > > RUN apt-get update && apt-get install -y \ > > s3cmd > > ADD root/* /root/ > > RUN mkdir -p /backups/sql > > CMD python /root/backup.py > > > > I am using the postgres container so it has the right version of > > pg_dump to dump from the database. > > > > I need the data to be encrypted on its way to s3 and inside. Can > > anyone offer me advice on how to do that securely. > > > > Thanks > > > > Dan > > After backing up the database, but before sending the backup to S3, > encrypt the file yourself, for example with gpg. Then you don't have > to use server side encryption. Of course, you will need to decrypt it > when you restore from backup. > John Sauter (john_sau...@systemeyescomputerstore.com) > -- > PGP fingerprint = E24A D25B E5FE 4914 A603 49EC 7030 3EA1 > 9A0B 511E > > > > ------------------------------------------------------------------------------ > Monitor Your Dynamic Infrastructure at Any Scale With Datadog! > Get real-time metrics from all of your servers, apps and tools > in one place. > SourceForge users - Click here to start your Free Trial of Datadog now! > http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 > _______________________________________________ > S3tools-general mailing list > S3tools-general@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/s3tools-general > >
------------------------------------------------------------------------------
_______________________________________________ S3tools-general mailing list S3tools-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/s3tools-general
