How to efficiently encrypt many files every several months using different passwords?

0 votes

We do a daily backup of some configuration files from many servers. Each conf file (compressed) is from 100KB to a few MB. The number of new files added every day is about 650. They are very important and confidential, so we encrypt each conf file with the same passphrase. However, we must change this phrase every 3 months. And old files can't be deleted; we need to re-encrypt all of them with the new phrase. Currently, we have more than 300,000 files. They are stored on network storage. It's very painful to decrypt and encrypt so many files every 3 months.

I was considering using GPG:

  1. Generate a new GPG key
  2. Set a passphrase for it, using the passphrase which is updated every 3 months
  3. Encrypt every conf file using this GPG key
  4. 3 months later
  5. Only change the passphrase of the GPG key to the latest one; no need to decrypt and encrypt all old files

But this seems insecure. All files can be decrypted using the same GPG key with an older passphrase if someone has the old GPG database.

Is there any smarter way to do this kind of task?

Jul 12, 2018 in Other DevOps Questions by Nilesh
• 6,980 points
74 views

1 answer to this question.

0 votes

This is a typical problem, so it has a pattern solution.

Mainly, you should use key "K" to encrypt the files, and this key should be stored encrypted by key "A".

Key "K" should not be distributed to, nor accessed by, anyone other than the service that can decrypt key "A".

Key "A" should be rotated, so every time key "A" has changed, it should re-encrypt key "K".

So let's say, in the second month key "A" is replaced by key "B", and so on.

answered Jul 12, 2018 by Kalgi
• 2,620 points
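
The pattern in the answer above (files encrypted under "K", "K" stored encrypted under "A", then re-encrypted under "B" on rotation), as an added example that is not part of the original answer. It assumes A, B and K are random 256-bit keys and uses AES-256-GCM; the function names are hypothetical, and a passphrase would first have to go through a key-derivation function to produce A.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func random(n int) []byte { // n bytes from the OS CSPRNG
	b := make([]byte, n)
	rand.Read(b)
	return b
}
func gcm(key []byte) cipher.AEAD { // AES-256-GCM; panics on a wrong key length
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(blk) // cannot fail for an AES block cipher
	return g
}

func seal(key, plain []byte) []byte { // returns nonce || ciphertext || tag
	nonce := random(12) // fresh 96-bit nonce for every message
	return gcm(key).Seal(nonce, nonce, plain, nil)
}
func open(key, box []byte) ([]byte, error) { // wrong key or altered data: error
	if len(box) < 12 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm(key).Open(nil, box[:12], box[12:], nil)
}

func rotate(oldKEK, newKEK, wrappedK []byte) ([]byte, error) { // re-wrap K only
	k, err := open(oldKEK, wrappedK)
	if err != nil {
		return nil, err
	}
	return seal(newKEK, k), nil // the files encrypted under K are not touched
}

func main() {
	k, a, b := random(32), random(32), random(32) // K, A, B from the answer
	file := seal(k, []byte("constructed sample config"))
	wrapped, _ := rotate(a, b, seal(a, k)) // rotation: A is replaced by B
	k2, _ := open(b, wrapped)
	plain, err := open(k2, file)
	fmt.Printf("%s %v\n", plain, err)
}
```

Rotation here rewrites one small wrapped-key blob instead of 300,000 files. A copy of the old wrapped blob together with "A" still recovers "K", so old wrapped copies have to be destroyed for the rotation to mean anything.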
