The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Encrypting Backups & Sending to AWS S3 Bucket

Discussion in 'Data Protection' started by BobHoliday, May 3, 2017.

Tags:
  1. BobHoliday

    BobHoliday Member

    Joined:
    Sep 6, 2013
    Messages:
    11
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    There's an ongoing feature request to enable encryption of Amazon S3 backups. Amazon has an option to turn on encryption so unsure why cP have not simply done this by default - however something's obviously causing problems so...

    An option I'm investigating at the moment is to:

    1) Configure cP to backup to the local server.

    2) Set up a CRON task to check for the presence of local backup files and if so, for each...

    3) Use PHP to AES then MAC encrypt then...

    4) Upload encrypted file to Amazon S3 bucket using Amazon S3 PHP SDK

    5) Delete the local unencrypted file.

    I would also need to code up something to reverse that process should a backup be needed of course.

    An alternative (probably less secure as unencrypted data would arrive at AWS this way) would be to use the AWS PHP SDK to do the encryption their end:

    Specifying Server-Side Encryption Using the AWS SDK for PHP - Amazon Simple Storage Service

    I suspect my 1-5 plan will be very server intensive.

    Thoughts?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I don't see anything wrong with those steps, but it's not something that's been tested. Feel free to let us know if you have any questions regarding the cPanel backup functionality if you decide to proceed with this setup.

    For anyone else viewing this thread, the corresponding feature request is located at:

    Backups - encryption of backups (symmetric and asymmetric)

    Thank you.
     
Loading...

Share This Page