{"_id":"554cb5c01f5dd20d008a7bdd","version":{"_id":"54fda38e21538c21006c49a6","__v":3,"forked_from":"54eb4535615ffc19003059f0","project":"545e249c7ca5470800b3a1b2","createdAt":"2015-03-09T13:43:42.927Z","releaseDate":"2015-03-09T13:43:42.927Z","categories":["54fda38f21538c21006c49a7","54fda38f21538c21006c49a8","54fda38f21538c21006c49a9","54fda38f21538c21006c49aa","54fda38f21538c21006c49ab","54fda3d347f93619001d2ae2","54fea8975c4ab10d00ef4279"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"0.5.0","version":"0.5.0"},"githubsync":"","user":"54bf8cd9dcfc4d0d00a1a19e","__v":5,"category":{"_id":"54fda38f21538c21006c49a8","version":"54fda38e21538c21006c49a6","__v":2,"pages":["54fda39021538c21006c49ac","54fda39021538c21006c49ad","54fda39021538c21006c49ae","54fda39021538c21006c49af","554cb5c01f5dd20d008a7bdd"],"project":"545e249c7ca5470800b3a1b2","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-11-08T16:56:01.271Z","from_sync":false,"order":1,"slug":"commands","title":"Commands"},"project":"545e249c7ca5470800b3a1b2","metadata":{"title":"","description":"","image":[]},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-05-08T13:10:24.918Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"File encryption is not to be confused with credentials encryption. You should use a **different key pair** for both use cases. See our [Introduction](doc:introduction) to encryption for more.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"encrypt (shell-level)\"\n}\n[/block]\n## Typical usage\n\n### Encrypt a file\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"host \\\"app-host\\\", hostname: \\\"www.example.com\\\"\\n\\njob \\\"config-backup\\\" do\\n  resource \\\"file\\\", path: \\\"/etc/config/file\\\", host: \\\"app-host\\\"\\n  remotely as: \\\"user\\\" do\\n    encrypt with: '/path/to/public_key'\\n  end\\nend\",\n      \"language\": \"ruby\",\n      \"name\": \"Sheepfile\"\n    }\n  ]\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"Public key deployment\",\n  \"body\": \"Please note that you don't have to deploy the public key on the remote server, only on the machine running ES.IO. Thus the path to the public key should point to the public key on the machine running it.\"\n}\n[/block]\n## Input resources\n\nResources of type `file` are allowed. Use a [compression](doc:compression)  command if you need to encrypt the contents of a directory.\n\n## Output resource\n\nA resource of type `file`.\n\n### Command options\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Option\",\n    \"0-0\": \"`with`\",\n    \"h-1\": \"Description\",\n    \"0-1\": \"The path to the public key, on the machine running ES.IO.\",\n    \"0-2\": \"Required: yes\\nThe option can be specified globally (see below).\",\n    \"1-0\": \"`delete_source`\",\n    \"1-1\": \"Indicate whether the source file should be deleted after encryption. Use with caution.\",\n    \"1-2\": \"Required: no\\nDefaults to: `false`\"\n  },\n  \"cols\": 3,\n  \"rows\": 2\n}\n[/block]\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"encrypt (top-level)\"\n}\n[/block]\nWhen used at the top-level of the Sheepfile, `encrypt` allows you to specify a default GPG public key to use for all your backup jobs.\n\n## Typical usage\n\n### Encrypt a file\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"encrypt with: '/path/to/public_key'\\n\\nhost \\\"app-host\\\", hostname: \\\"www.example.com\\\"\\n\\njob \\\"config-backup\\\" do\\n  resource \\\"file\\\", path: \\\"/etc/config/file\\\", host: \\\"app-host\\\"\\n  remotely as: \\\"user\\\" do\\n    encrypt\\n  end\\nend\",\n      \"language\": \"ruby\",\n      \"name\": \"Sheepfile\"\n    }\n  ]\n}\n[/block]","excerpt":"Encrypt backup files using GPG","slug":"file-encryption","type":"basic","title":"File encryption"}

File encryption

Encrypt backup files using GPG

File encryption is not to be confused with credentials encryption. You should use a **different key pair** for both use cases. See our [Introduction](doc:introduction) to encryption for more. [block:api-header] { "type": "basic", "title": "encrypt (shell-level)" } [/block] ## Typical usage ### Encrypt a file [block:code] { "codes": [ { "code": "host \"app-host\", hostname: \"www.example.com\"\n\njob \"config-backup\" do\n resource \"file\", path: \"/etc/config/file\", host: \"app-host\"\n remotely as: \"user\" do\n encrypt with: '/path/to/public_key'\n end\nend", "language": "ruby", "name": "Sheepfile" } ] } [/block] [block:callout] { "type": "info", "title": "Public key deployment", "body": "Please note that you don't have to deploy the public key on the remote server, only on the machine running ES.IO. Thus the path to the public key should point to the public key on the machine running it." } [/block] ## Input resources Resources of type `file` are allowed. Use a [compression](doc:compression) command if you need to encrypt the contents of a directory. ## Output resource A resource of type `file`. ### Command options [block:parameters] { "data": { "h-0": "Option", "0-0": "`with`", "h-1": "Description", "0-1": "The path to the public key, on the machine running ES.IO.", "0-2": "Required: yes\nThe option can be specified globally (see below).", "1-0": "`delete_source`", "1-1": "Indicate whether the source file should be deleted after encryption. Use with caution.", "1-2": "Required: no\nDefaults to: `false`" }, "cols": 3, "rows": 2 } [/block] [block:api-header] { "type": "basic", "title": "encrypt (top-level)" } [/block] When used at the top-level of the Sheepfile, `encrypt` allows you to specify a default GPG public key to use for all your backup jobs. ## Typical usage ### Encrypt a file [block:code] { "codes": [ { "code": "encrypt with: '/path/to/public_key'\n\nhost \"app-host\", hostname: \"www.example.com\"\n\njob \"config-backup\" do\n resource \"file\", path: \"/etc/config/file\", host: \"app-host\"\n remotely as: \"user\" do\n encrypt\n end\nend", "language": "ruby", "name": "Sheepfile" } ] } [/block]