Re: Encryption in pg_dump

Поиск
Список
Период
Сортировка
От Jeff Janes
Тема Re: Encryption in pg_dump
Дата
Msg-id CAMkU=1x+Tb3eGZCyqHsw3LHh8vH3PNSfJgE5xXAO_8Jzv9ZTsg@mail.gmail.com
обсуждение исходный текст
Ответ на AW: Encryption in pg_dump  ("Dischner, Anton" <Anton.Dischner@med.uni-muenchen.de>)
Список pgsql-admin
Дерево обсуждения
On Thu, Jul 23, 2020 at 3:05 AM Dischner, Anton <Anton.Dischner@med.uni-muenchen.de> wrote:

Hi Olivier,

 

thanks for your hint which is better than my approach.

 

I did somthing like:

 

/usr/bin/pg_dumpall --username=postgres | bzip2 > /var/lib/postgresql/backup/"`date +%d-%m-%Y_%H:%M:%S`-"backup_all.sql.bz2

 

To use encryption: [DRAFT]

 

tar -czf - ttt | openssl enc -e -aes-256-cbc -pass pass:test -out ttt.tgz

openssl enc -d -aes-256-cbc -pass pass:test -in ttt.tgz | tar xz

 

As mentioned obove it makes no sense to store the PW in the script.


It does make sense as long as the script is not stored with the encrypted file, but rather only with the unencrypted server (plus backed up someplace else, like on a piece of paper in a safe offsite)

But you can use asymmetric (public key) encryption if you don't want the backing-up user to be able to decrypt at all:

pg_dumpall | gpg --encrypt --recipient ciso@example.com > backup.gpg

Cheers,

Jeff

В списке pgsql-admin по дате отправления:

Предыдущее
От: Wells Oliver
Дата:
Сообщение: Checking for valid UUID values?
Следующее
От: Imre Samu
Дата:
Сообщение: Re: Checking for valid UUID values?