Secure MySQL Backups with GnuPG

One way to secure your MySQL backups, is to encrypt the backup file using PGP/GnuPG. Of course you will need to own a PGP/GnuPG private key, which can be easily created using the PGP/GnuPG tools.

On a Debian/Ubuntu Linux host, install the ‘gnupg’ package.

# apt-get install gnupg

After installation, generate a PGP/GnuPG key using the ‘gpg’ command and go through the questions:

# gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
*snip*

Once your key has been generated, you are ready to start using it.

In this example, MySQL backups will be created using the ‘mysqldump’ command. The output of that command will be compressed using ‘gzip’, since the ‘mysqldump’ generates plain text output.

The ‘gpg’ command takes two arguments:

  1. –encrypt : to define that we will encrypting the output coming STDOUT
  2. -r user@domain.com : this parameter defines the key that will be used for the encryption

When we put all these commands together:


$ mysqldump --all-databases -uroot -psecret \
 | gzip - \
 | gpg --encrypt -r user@domain.com >mysql_dump_sql.bkp

The above example could be used in a cronjob to have daily backups.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.