Home > mailing lists

Re: Encryption in pg_dump - Mailing list pgsql-admin

From	Jeff Janes
Subject	Re: Encryption in pg_dump
Date	July 24, 2020 20:12:24
Msg-id	CAMkU=1x+Tb3eGZCyqHsw3LHh8vH3PNSfJgE5xXAO_8Jzv9ZTsg@mail.gmail.com Whole thread Raw
In response to	AW: Encryption in pg_dump ("Dischner, Anton" <Anton.Dischner@med.uni-muenchen.de>)
List	pgsql-admin

Tree view

On Thu, Jul 23, 2020 at 3:05 AM Dischner, Anton <Anton.Dischner@med.uni-muenchen.de> wrote:

Hi Olivier,

thanks for your hint which is better than my approach.

I did somthing like:

/usr/bin/pg_dumpall --username=postgres | bzip2 > /var/lib/postgresql/backup/"`date +%d-%m-%Y_%H:%M:%S`-"backup_all.sql.bz2

To use encryption: [DRAFT]

tar -czf - ttt | openssl enc -e -aes-256-cbc -pass pass:test -out ttt.tgz
openssl enc -d -aes-256-cbc -pass pass:test -in ttt.tgz | tar xz

As mentioned obove it makes no sense to store the PW in the script.

It does make sense as long as the script is not stored with the encrypted file, but rather only with the unencrypted server (plus backed up someplace else, like on a piece of paper in a safe offsite)

But you can use asymmetric (public key) encryption if you don't want the backing-up user to be able to decrypt at all:

pg_dumpall | gpg --encrypt --recipient ciso@example.com > backup.gpg

Cheers,

Jeff

pgsql-admin by date:

From: Wells Oliver
Date: 24 July 2020, 20:02:18
Subject: Checking for valid UUID values?

From: Imre Samu
Date: 24 July 2020, 20:20:08
Subject: Re: Checking for valid UUID values?

Re: Encryption in pg_dump - Mailing list pgsql-admin

Previous

Next