File encryption
Encrypt backup files using GPG
File encryption is not to be confused with credentials encryption. You should use a different key pair for both use cases. See our Introduction to encryption for more.
encrypt (shell-level)
Typical usage
Encrypt a file
host "app-host", hostname: "www.example.com"
job "config-backup" do
resource "file", path: "/etc/config/file", host: "app-host"
remotely as: "user" do
encrypt with: '/path/to/public_key'
end
end
Public key deployment
Please note that you don't have to deploy the public key on the remote server, only on the machine running ES.IO. Thus the path to the public key should point to the public key on the machine running it.
Input resources
Resources of type file are allowed. Use a compression command if you need to encrypt the contents of a directory.
Output resource
A resource of type file.
Command options
| Option | Description | |
|---|---|---|
with | The path to the public key, on the machine running ES.IO. | Required: yes The option can be specified globally (see below). |
delete_source | Indicate whether the source file should be deleted after encryption. Use with caution. | Required: no Defaults to: false |
encrypt (top-level)
When used at the top-level of the Sheepfile, encrypt allows you to specify a default GPG public key to use for all your backup jobs.
Typical usage
Encrypt a file
encrypt with: '/path/to/public_key'
host "app-host", hostname: "www.example.com"
job "config-backup" do
resource "file", path: "/etc/config/file", host: "app-host"
remotely as: "user" do
encrypt
end
end
Updated less than a minute ago