Never really thought about that, At first glance this looks like what I would do, this is similar to encryption on LVM disk volume taking out of Bareos client hands.
https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html Note FD to SD should still be PSK encrypted over the wire, and the SD to S3 should be SSL encrypted over HTTPS, then this just encrypts it when it lands at AWS. Though I always questioned cloud systems where you give them the key to encrypt data that you assume you do to make sure they can’t access it (melitious employee, etc) YMMV. IN that case yeah you may want to encrypt before uploading and this may be the best path. But key management is KEY to make sure you can actually access your data. Brock Palen [email protected] www.mlds-networks.com Websites, Linux, Hosting, Joomla, Consulting > On Dec 21, 2020, at 11:43 AM, 'Chad William Seys' via bareos-users > <[email protected]> wrote: > > I agree, it is worrisome to encrypt backup data. > > But, if the client loses the key, there is still the master key. > https://docs.bareos.org/TasksAndConcepts/DataEncryption.html#decrypting-with-a-master-key > > If storing in "the cloud" is there an easier and less failure prone way to > encrypt? > > Chad. > > -- > You received this message because you are subscribed to the Google Groups > "bareos-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/fd47f1b1-6240-f674-ab40-11116685e520%40physics.wisc.edu. -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/9B985D80-0854-4E01-A018-06BEBBBB04E9%40mlds-networks.com.
