Use s3cmd and gpg to upload encrypted file
2 min read
You want to upload file to s3, but want to encrypt it first
Method 1) Use
gpg to encrypt the file first, then use the
s3cmd to upload:
gpg is a built-in command in Linux, and in Mac you may need to manually install it via:
$ brew install gpg
Suppose we have a file named "dbbackup.zip":
$ gpg -o dbbackup.zip.gpg --symmetric --cipher-algo AES256 --batch --passphrase "12345678" dbbackup.zip $ s3cmd put dbbackup.zip.gpg s3://path/to/folder/dbbackup.zip.gpg
Here the passphrase "12345678" is the key to encrypt/decrypt the file.
Method 2) Use
When you setup
s3cmd --configure, one of the step is asking for the "Encryption password:", this will be used to encrypt your file before upload to s3 (same as the "passphrase" field above).
Encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3 Encryption password:
Once you configured this password, to upload a file with encryption, you need to use the
$ s3cmd -e put dbbackup.zip.gpg s3://path/to/folder/dbbackup.zip.gpg
This way you don't need to manually use
gpg to encrypt it,
s3cmd will do it for you first, then do the upload.
After you uploaded to s3, you can download the file then decrypt it:
$ gpg -o dbbackup.zip -d dbbackup.zip.gpg
This will ask you to input the passphrase, then it will decrypt the gpg file and output a file named