Preface

Common backup schemes follow the 3-2-1 principle: keep at least three copies of the data, store them on at least two different media, and make sure at least one copy is a remote backup.

I don't have any important files, but I always insist that the data must be in my hands. That includes checking that data can be exported when I choose software now, and trying to use open source software. Some time ago I wrote an article, "Tutorial of backup synchronization artifact Rclone". Since then, I have synchronized most of my relatively important data to object storage to prevent loss.

When sorting out the files to be synchronized this time, I found that some sensitive information was being synchronized directly to the object storage in clear text, which is relatively unsafe. So I took some time to turn on the encryption function provided by rclone. The configuration was not very troublesome; the main point of this post is to keep a note of it.

Configuration

The default configuration path of rclone (for the root user) is: /root/.config/rclone/rclone.conf

I continue to append the configuration based on the existing configuration of my previous article:

    # Custom remote name
    [tencent-cos]
    # Storage type; see the official documentation for all supported types
    type = s3
    # Provider; see the official documentation for all providers
    provider = TencentCOS
    # Do not take the credentials from environment variables
    env_auth = false
    # Key ID generated in the Tencent Cloud console
    access_key_id = AKxxxxxxxx
    # Secret key generated in the Tencent Cloud console
    secret_access_key = Secretxxxxxxx
    # Public endpoint of the region where your Tencent Cloud COS bucket is located
    endpoint = cos.ap-chengdu.myqcloud.com

rclone's encryption works by adding an intermediate layer (a crypt remote) on top of an existing remote; it encrypts on upload and decrypts on download. Because the layer is separate, you can choose to encrypt only the important files. Encrypted files stay encrypted in the object storage and are decrypted locally only when you synchronize them with rclone.

Next, I add encryption on top of the tencent-cos remote above. The encrypting remote is named encrypted-tencent-cos, and the files to be encrypted are placed in the "encrypted file" folder of the object store.

Add the following configuration to the original configuration:

    # Name of the encrypted remote
    [encrypted-tencent-cos]
    # Storage type: crypt (encryption layer)
    type = crypt
    remote = tencent-cos:/Tencent cloud object storage id/encrypted file
    # File name encryption method
    filename_encryption = obfuscate
    # Whether directory names are encrypted
    directory_name_encryption = false
    # Password 1, please keep it safe (rclone expects the obscured form here, as written by rclone config or rclone obscure)
    password = your password1
    # Password 2, please keep it safe (same obscured form)
    password2 = your password2

Change the values to your own information according to the comments, and keep the passwords safe; make them as long as possible. If the password is lost, the data cannot be decrypted. If the password is lost, the data cannot be decrypted. If the password is lost, the data cannot be decrypted. Important things are said three times!

After the above configuration is completed, you can use all the usual rclone commands to synchronize, and select the encrypted-tencent-cos remote whenever encryption is required. For example:

    # Synchronize the contents of the local /data/file folder to the /beifen folder on the tencent-cos storage, excluding the files listed in /root/excludes.txt
    rclone sync /data/file tencent-cos:/beifen --exclude-from '/root/excludes.txt'

    # Encrypt and synchronize the contents of the local /data/file folder to the /beifen folder of the encrypted-tencent-cos remote, excluding the files listed in /root/excludes.txt
    rclone sync /data/file encrypted-tencent-cos:/beifen --exclude-from '/root/excludes.txt'
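To see what the crypt settings above still leave readable to the storage provider, this added example (not code from the original article or from the rclone project) parses an rclone.conf, lists findings for each crypt remote, and tells whether a sync destination goes through a crypt remote. The sample config is constructed from the article's two remotes with placeholder secrets and a hypothetical `bucket-id`; the function names are this example's own.

```python
import configparser

# Constructed sample mirroring the article's two remotes; all secrets are placeholders.
SAMPLE_CONF = """\
[tencent-cos]
type = s3
provider = TencentCOS
access_key_id = AKxxxxxxxx
secret_access_key = Secretxxxxxxx
endpoint = cos.ap-chengdu.myqcloud.com
[encrypted-tencent-cos]
type = crypt
remote = tencent-cos:/bucket-id/encrypted file
filename_encryption = obfuscate
directory_name_encryption = false
password = OBSCURED_PLACEHOLDER_1
password2 = OBSCURED_PLACEHOLDER_2
"""

def _load(conf_text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    return cfg

def audit_crypt_remotes(conf_text):
    """Return {crypt remote name: [findings]} for every crypt section."""
    cfg, report = _load(conf_text), {}
    for name in cfg.sections():
        sec = cfg[name]
        if sec.get("type") != "crypt":
            continue
        findings = []
        backend = sec.get("remote", "").split(":", 1)[0]
        if backend not in cfg.sections():
            findings.append(f"wrapped remote '{backend}' is not defined")
        # rclone defaults: filename_encryption=standard, directory_name_encryption=true
        mode = sec.get("filename_encryption", "standard")
        if mode != "standard":
            findings.append(f"file names are not strongly encrypted (mode '{mode}')")
        if sec.get("directory_name_encryption", "true").lower() == "false":
            findings.append("directory names are stored in clear text")
        findings += [f"{k} is not set" for k in ("password", "password2") if not sec.get(k)]
        report[name] = findings
    return report

def goes_through_crypt(conf_text, destination):
    """True if a sync destination such as 'name:/path' names a crypt remote."""
    cfg = _load(conf_text)
    name = destination.split(":", 1)[0]
    return name in cfg.sections() and cfg[name].get("type") == "crypt"
```

With the article's settings the audit reports two findings: file contents are encrypted, but file names are only obfuscated and directory names remain readable in the bucket.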

Summary

Follow this tutorial to set up synchronized, encrypted backup of important sensitive files. If you don't want to append the configuration by hand, you can also run rclone config and follow its step-by-step guidance. For more information, see the reference links at the end of this article.

With this setup, you can encrypt sensitive information from the server and personal private data and synchronize it to the cloud as a remote backup.

Reference links

Rclone Crypt
Tutorial of backup synchronization artifact Rclone
How to use Rclone to encrypt cloud storage files
Rclone encrypted backup directory file