I do not want to encrypt my postgres DB. However, I want encryption at OS level, such that if the files(such as backups or configurations) are moved to any other system, it should be unreadable or non modifiable for security reasons. I tried ecryptfs but when I try to transfer the backup to another machine and restore, it works normally. However, if i transfer a text file on other machine, cat does not work. Am I missing something here? Is there any alternate way to achieve this? If any wrong person gets the backup, he should not be able to restore it!
Asked
Active
Viewed 260 times
1 Answers
2
If you use an encrypted file system, one needs a password to unlock the contents of the hard drive when mounting the file system. Without the password, the files cannot be accessed.
However, if the file system is already mounted (accessible), then all files can be used normally.
In order to encrypt a single file (your backup), you need to use software like OpenPGP.
You need to be careful to not have any unencrypted versions stored on the disk, as it is relatively easy to read contents of deleted files from hard disk.
Tero Kilkanen
- 36,796
- 3
- 41
- 63