Encrypting Backups & Sending to AWS S3 Bucket


Sep 6, 2013
cPanel Access Level
Root Administrator
There's an ongoing feature request to enable encryption of Amazon S3 backups. Amazon has an option to turn on encryption so unsure why cP have not simply done this by default - however something's obviously causing problems so...

An option I'm investigating at the moment is to:

1) Configure cP to backup to the local server.

2) Set up a CRON task to check for the presence of local backup files and if so, for each...

3) Use PHP to AES then MAC encrypt then...

4) Upload encrypted file to Amazon S3 bucket using Amazon S3 PHP SDK

5) Delete the local unencrypted file.

I would also need to code up something to reverse that process should a backup be needed of course.

An alternative (probably less secure as unencrypted data would arrive at AWS this way) would be to use the AWS PHP SDK to do the encryption their end:

Specifying Server-Side Encryption Using the AWS SDK for PHP - Amazon Simple Storage Service

I suspect my 1-5 plan will be very server intensive.



Staff member
Apr 11, 2011

I don't see anything wrong with those steps, but it's not something that's been tested. Feel free to let us know if you have any questions regarding the cPanel backup functionality if you decide to proceed with this setup.

For anyone else viewing this thread, the corresponding feature request is located at:

Backups - encryption of backups (symmetric and asymmetric)

Thank you.