Encrypting Backups & Sending to AWS S3 Bucket

BobHoliday

Member
Sep 6, 2013
23
3
53
cPanel Access Level
Root Administrator
There's an ongoing feature request to enable encryption of Amazon S3 backups. Amazon has an option to turn on encryption so unsure why cP have not simply done this by default - however something's obviously causing problems so...

An option I'm investigating at the moment is to:

1) Configure cP to backup to the local server.

2) Set up a CRON task to check for the presence of local backup files and if so, for each...

3) Use PHP to AES then MAC encrypt then...

4) Upload encrypted file to Amazon S3 bucket using Amazon S3 PHP SDK

5) Delete the local unencrypted file.

I would also need to code up something to reverse that process should a backup be needed of course.

An alternative (probably less secure as unencrypted data would arrive at AWS this way) would be to use the AWS PHP SDK to do the encryption their end:

Specifying Server-Side Encryption Using the AWS SDK for PHP - Amazon Simple Storage Service

I suspect my 1-5 plan will be very server intensive.

Thoughts?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello,

I don't see anything wrong with those steps, but it's not something that's been tested. Feel free to let us know if you have any questions regarding the cPanel backup functionality if you decide to proceed with this setup.

For anyone else viewing this thread, the corresponding feature request is located at:

Backups - encryption of backups (symmetric and asymmetric)

Thank you.