There's an ongoing feature request to enable encryption of Amazon S3 backups. Amazon has an option to turn on encryption so unsure why cP have not simply done this by default - however something's obviously causing problems so...
An option I'm investigating at the moment is to:
1) Configure cP to backup to the local server.
2) Set up a CRON task to check for the presence of local backup files and if so, for each...
3) Use PHP to AES then MAC encrypt then...
4) Upload encrypted file to Amazon S3 bucket using Amazon S3 PHP SDK
5) Delete the local unencrypted file.
I would also need to code up something to reverse that process should a backup be needed of course.
An alternative (probably less secure as unencrypted data would arrive at AWS this way) would be to use the AWS PHP SDK to do the encryption their end:
Specifying Server-Side Encryption Using the AWS SDK for PHP - Amazon Simple Storage Service
I suspect my 1-5 plan will be very server intensive.
Thoughts?
An option I'm investigating at the moment is to:
1) Configure cP to backup to the local server.
2) Set up a CRON task to check for the presence of local backup files and if so, for each...
3) Use PHP to AES then MAC encrypt then...
4) Upload encrypted file to Amazon S3 bucket using Amazon S3 PHP SDK
5) Delete the local unencrypted file.
I would also need to code up something to reverse that process should a backup be needed of course.
An alternative (probably less secure as unencrypted data would arrive at AWS this way) would be to use the AWS PHP SDK to do the encryption their end:
Specifying Server-Side Encryption Using the AWS SDK for PHP - Amazon Simple Storage Service
I suspect my 1-5 plan will be very server intensive.
Thoughts?
