How to efficiently encrypt many files every several months using different passwords?

0 votes

We do a daily backup of some configuration files from many servers. Each conf file (compressed) is from 100KB to a few MB. About 650 new files are added every day. They are very important and confidential, so we encrypt each conf file with the same passphrase. However, we must change this passphrase every 3 months. And old files can't be deleted, so we need to re-encrypt all of them with the new passphrase. Currently, we have more than 300,000 files. They are stored on network storage. It's very painful to decrypt and encrypt so many files every 3 months.

I was considering using GPG:

  1. Generate a new GPG key
  2. Set a passphrase for it, using the passphrase which is updated every 3 months
  3. Encrypt every conf file using this GPG key
  4. 3 months later
  5. Only change the passphrase of the GPG key to the latest one; no need to decrypt and encrypt all old files

But this seems insecure. All files can be decrypted using the same GPG key with an older passphrase if someone has the old GPG database.

Is there any smarter way to do this kind of task?

Jul 12, 2018 in Other DevOps Questions by Nilesh
• 6,900 points
18 views

1 answer to this question.

0 votes

This is a typical problem, so it has a pattern solution.

Mainly, you should use key "K" to encrypt the files, and this key should be stored encrypted by key "A".

Key "K" should neither be distributed nor accessed by anyone other than the service that can decrypt key "A".

Key "A" should be rotated, so every time key "A" has changed, it should re-encrypt key "K".

So let's say, in the second month key "A" is replaced by key "B", and so on.

answered Jul 12, 2018 by Kalgi
• 2,620 points
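
The pattern in the answer above (a fixed data key "K" wrapped by a rotating key "A"), as an added example that is not part of the original answer. It assumes the Python `cryptography` package, derives "A" from the quarterly passphrase with PBKDF2, and uses Fernet for both layers; the function names and sample values are constructed for illustration.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

SALT_LEN = 16


def _kek(passphrase: str, salt: bytes) -> Fernet:
    """Derive the key-encryption key ("A" in the answer) from the rotating passphrase."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=600_000)
    return Fernet(base64.urlsafe_b64encode(kdf.derive(passphrase.encode())))


def wrap(data_key: bytes, passphrase: str) -> bytes:
    """Encrypt the data key ("K") under the passphrase; output is salt || token."""
    salt = os.urandom(SALT_LEN)
    return salt + _kek(passphrase, salt).encrypt(data_key)


def unwrap(wrapped: bytes, passphrase: str) -> bytes:
    """Recover K; raises InvalidToken if the passphrase is wrong."""
    return _kek(passphrase, wrapped[:SALT_LEN]).decrypt(wrapped[SALT_LEN:])


def rotate(wrapped: bytes, old_pass: str, new_pass: str) -> bytes:
    """Quarterly rotation: re-wrap K only, the backup files are never touched."""
    return wrap(unwrap(wrapped, old_pass), new_pass)


def demo() -> tuple:
    data_key = Fernet.generate_key()  # K, generated once
    wrapped_q1 = wrap(data_key, "constructed-passphrase-Q1")
    # Constructed sample "conf file"; real backups would be read from disk.
    blob = Fernet(data_key).encrypt(b"listen_port=8443\n")
    wrapped_q2 = rotate(wrapped_q1, "constructed-passphrase-Q1", "constructed-passphrase-Q2")
    # The unchanged ciphertext still decrypts with K unwrapped via the new passphrase.
    plain = Fernet(unwrap(wrapped_q2, "constructed-passphrase-Q2")).decrypt(blob)
    try:
        unwrap(wrapped_q2, "constructed-passphrase-Q1")
        old_rejected = False
    except InvalidToken:
        old_rejected = True
    return plain, old_rejected


if __name__ == "__main__":
    print(demo())
```

Rotation only helps if every old wrapped copy of K is destroyed: anyone who kept an old wrapped key together with its passphrase can still recover K, and a suspected leak of K itself still requires re-encrypting the files.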
