Use s3cmd and gpg to upload encrypted file
Problem
You want to upload file to s3, but want to encrypt it first
Solution
Method 1) Use gpg
to encrypt the file first, then use the s3cmd
to upload:
gpg
is a built-in command in Linux, and in Mac you may need to manually install it via:
$ brew install gpg
Suppose we have a file named "dbbackup.zip":
$ gpg -o dbbackup.zip.gpg --symmetric --cipher-algo AES256 --batch --passphrase "12345678" dbbackup.zip
$ s3cmd put dbbackup.zip.gpg s3://path/to/folder/dbbackup.zip.gpg
Here the passphrase "12345678" is the key to encrypt/decrypt the file.
Method 2) Use s3cmd
directly
When you setup s3cmd
with s3cmd --configure
, one of the step is asking for the "Encryption password:", this will be used to encrypt your file before upload to s3 (same as the "passphrase" field above).
Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:
Once you configured this password, to upload a file with encryption, you need to use the -e
parameter:
$ s3cmd -e put dbbackup.zip.gpg s3://path/to/folder/dbbackup.zip.gpg
This way you don't need to manually use gpg
to encrypt it, s3cmd
will do it for you first, then do the upload.
Decryption
After you uploaded to s3, you can download the file then decrypt it:
$ gpg -o dbbackup.zip -d dbbackup.zip.gpg
This will ask you to input the passphrase, then it will decrypt the gpg file and output a file named dbbackup.zip
.