how to efficiently encrypt many files every several months use different passwords

0 votes

We do daily backup for some configuration files of many servers. Each conf file (compressed) is from 100KB to a few MB. Number of new files increased everyday is about 650. They are very important and confidential, so we encrypt each conf file with same pass phrase. However, we must change this phrase every 3 months. And old files can't be deleted, we need to re-encrypt all of them with new phrase. Currently, we have more than 300,000 files. They are stored in a network storage. It's very painful to decrypt and encrypt so many files every 3 months.

I was considering of using GPG:

  1. gen a new GPG key
  2. set a pass phrase for it, using pass phrase which is updated every 3 months
  3. encrypt every conf file use this GPG key
  4. 3 months later
  5. only change pass phrase of GPG key to latest one, no need to decrypt and encrypt all old files

But this seems insecure. All files can be decrypted use same GPG key with older pass phrase if some one have the old GPG database.

Is there any smarter way to do this kind of task?

Jul 12, 2018 in Other DevOps Questions by Nilesh
• 7,050 points

1 answer to this question.

0 votes

This is a typical problem, so it is has a pattern solution.

Mainly you should use key "K" to encrypt the files, and this key should be stored encrypted by key "A".

key "K" should not be distributed nether accessed by anyone else then the service that can decrepit key "A"

key "A" should be rotated, so every time key "A" has changed, it should re-encrypt key "K"

So lets say, in the second month we key "A" is replaced by key "B" and so on.

answered Jul 12, 2018 by Kalgi
• 2,680 points

Related Questions In Other DevOps Questions

0 votes
0 answers

How to use version name in Bamboo script

Hi All, We have 3 tasks in our ...READ MORE

Apr 9, 2020 in Other DevOps Questions by Abhishek
• 280 points
0 votes
1 answer

How to include Different Types of Workitems in Boards of Azure DevOps?

Predefined backlog levels in Azure DevOps may ...READ MORE

answered Feb 11, 2022 in Other DevOps Questions by Bhavitha
• 1,000 points
0 votes
0 answers
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
+2 votes
1 answer
0 votes
1 answer

How to use Powershell DSC for application installation?

Occasionally folks want to be able to ...READ MORE

answered Jul 16, 2018 in Other DevOps Questions by Kalgi
• 2,680 points
0 votes
1 answer

How to deploy to BlueMix: 404 Error

I have the same error. I think ...READ MORE

answered Jul 16, 2018 in Other DevOps Questions by Kalgi
• 2,680 points
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP