This current project requires that the DB be dumped, encrypted and pushed to s3. I'm wondering what might be some "best practices" for such a task. As of now I'm using a pretty straight ahead method but would like to have some better ideas where security is concerned. Here is the start of my script:
mysqldump -u root --password="lepass" --all-databases --single-transaction > db.backup.sqltar -c db.backup.sql | openssl des3 -salt --passphrase foopass > db.backup.tarfiles3put backup/db.backup.tarfile db.backup.tarfile# Let's pull it down again and untar it for kickss3get surgeryflow-backup/db/db.backup.tarfile db.backup.tarfilecat db.backup.tarfile | openssl des3 -d -salt --passphrase foopass |tar -xvjObviously the problem is that this script everything an attacker would need to raise hell.
Any thoughts, critiques and suggestions for this task will be appreciated.
