One way to secure your MySQL backups, is to encrypt the backup file using PGP/GnuPG. Of course you will need to own a PGP/GnuPG private key, which can be easily created using the PGP/GnuPG tools.
On a Debian/Ubuntu Linux host, install the ‘gnupg’ package.
# apt-get install gnupg
After installation, generate a PGP/GnuPG key using the ‘gpg’ command and go through the questions:
# gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Once your key has been generated, you are ready to start using it.
In this example, MySQL backups will be created using the ‘mysqldump’ command. The output of that command will be compressed using ‘gzip’, since the ‘mysqldump’ generates plain text output.
The ‘gpg’ command takes two arguments:
- –encrypt : to define that we will encrypting the output coming STDOUT
- -r email@example.com : this parameter defines the key that will be used for the encryption
When we put all these commands together:
$ mysqldump --all-databases -uroot -psecret \
| gzip - \
| gpg --encrypt -r firstname.lastname@example.org >mysql_dump_sql.bkp
The above example could be used in a cronjob to have daily backups.