File encryption
Encrypt backup files using GPG
File encryption is not to be confused with credentials encryption. You should use a different key pair for both use cases. See our Introduction to encryption for more.
encrypt (shell-level)
Typical usage
Encrypt a file
host "app-host", hostname: "www.example.com"
job "config-backup" do
resource "file", path: "/etc/config/file", host: "app-host"
remotely as: "user" do
encrypt with: '/path/to/public_key'
end
endPublic key deployment
Please note that you don't have to deploy the public key on the remote server, only on the machine running ES.IO. Thus the path to the public key should point to the public key on the machine running it.
Input resources
Resources of type file are allowed. Use a compression command if you need to encrypt the contents of a directory.
Output resource
A resource of type file.
Command options
Option | Description | |
|---|---|---|
| The path to the public key, on the machine running ES.IO. | Required: yes |
| Indicate whether the source file should be deleted after encryption. Use with caution. | Required: no |
encrypt (top-level)
When used at the top-level of the Sheepfile, encrypt allows you to specify a default GPG public key to use for all your backup jobs.
Typical usage
Encrypt a file
encrypt with: '/path/to/public_key'
host "app-host", hostname: "www.example.com"
job "config-backup" do
resource "file", path: "/etc/config/file", host: "app-host"
remotely as: "user" do
encrypt
end
endUpdated 4 days ago