Discussion:
[S3tools-general] (no subject)
Dan Tagg
2015-09-03 20:47:59 UTC
Permalink
Hi,

s3cmd is great, I use it to backup most of my projects. But with this one I
am having some difficulty. I really need the data to be encrypted on its
way to s3 and inside. Can anyone offer me advice on how to do that
securely...

When I run

s3cmd sync --server-side-encryption --recursive -v -v -v /backups
s3://conciliation-backup/mars-org/today/

I get the following response

INFO: Compiling list of local files...
INFO: Running stat() and reading/calculating MD5 values on 1 files, this
may take some time...
INFO: Retrieving list of remote files for
s3://conciliation-backup/mars-org/today/ ...
ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:581)

If I monkey patch ssl as described here
https://www.python.org/dev/peps/pep-0476/ then I can use https without the
error, but I think that is only working by not checking properly.

I can only find other people having similar problems when they use s3
services they are hosting themselves rather than amazon's

I am running

s3cmd version 1.5.0-rc1
Python 2.7.9 (default, Mar 1 2015, 12:57:24)
[GCC 4.9.2] on linux2

inside a docker container that is built using

FROM postgres
RUN apt-get update && apt-get install -y \
s3cmd
ADD root/* /root/
RUN mkdir -p /backups/sql
CMD python /root/backup.py

I am using the postgres container so it has the right version of pg_dump to
dump from the database.

I need the data to be encrypted on its way to s3 and inside. Can anyone
offer me advice on how to do that securely.

Thanks

Dan
John Sauter
2015-09-03 21:37:33 UTC
Permalink
Post by Dan Tagg
Hi,
s3cmd is great, I use it to backup most of my projects. But with this
one I am having some difficulty. I really need the data to be
encrypted on its way to s3 and inside. Can anyone offer me advice on
how to do that securely...
When I run
s3cmd sync --server-side-encryption --recursive -v -v -v /backups
s3://conciliation-backup/mars-org/today/
I get the following response
INFO: Compiling list of local files...
INFO: Running stat() and reading/calculating MD5 values on 1 files,
this may take some time...
INFO: Retrieving list of remote files for s3://conciliation
-backup/mars-org/today/ ...
ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:581)
If I monkey patch ssl as described here
https://www.python.org/dev/peps/pep-0476/ then I can use https
without the error, but I think that is only working by not checking
properly.
I can only find other people having similar problems when they use s3
services they are hosting themselves rather than amazon's
I am running
s3cmd version 1.5.0-rc1
Python 2.7.9 (default, Mar 1 2015, 12:57:24)
[GCC 4.9.2] on linux2
inside a docker container that is built using
FROM postgres
RUN apt-get update && apt-get install -y \
s3cmd
ADD root/* /root/
RUN mkdir -p /backups/sql
CMD python /root/backup.py
I am using the postgres container so it has the right version of
pg_dump to dump from the database.
I need the data to be encrypted on its way to s3 and inside. Can
anyone offer me advice on how to do that securely.
Thanks
Dan
After backing up the database, but before sending the backup to S3,
encrypt the file yourself, for example with gpg. Then you don't have
to use server side encryption. Of course, you will need to decrypt it
when you restore from backup.
John Sauter (***@systemeyescomputerstore.com)
--
PGP fingerprint = E24A D25B E5FE 4914 A603 49EC 7030 3EA1
9A0B 511E
Matt Domsch
2015-09-04 00:38:37 UTC
Permalink
V1.5.2 has fixes for ssl certificate validation.
On Sep 3, 2015 4:37 PM, "John Sauter" <
Post by John Sauter
Post by Dan Tagg
Hi,
s3cmd is great, I use it to backup most of my projects. But with this
one I am having some difficulty. I really need the data to be
encrypted on its way to s3 and inside. Can anyone offer me advice on
how to do that securely...
When I run
s3cmd sync --server-side-encryption --recursive -v -v -v /backups
s3://conciliation-backup/mars-org/today/
I get the following response
INFO: Compiling list of local files...
INFO: Running stat() and reading/calculating MD5 values on 1 files,
this may take some time...
INFO: Retrieving list of remote files for s3://conciliation
-backup/mars-org/today/ ...
ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:581)
If I monkey patch ssl as described here
https://www.python.org/dev/peps/pep-0476/ then I can use https
without the error, but I think that is only working by not checking
properly.
I can only find other people having similar problems when they use s3
services they are hosting themselves rather than amazon's
I am running
s3cmd version 1.5.0-rc1
Python 2.7.9 (default, Mar 1 2015, 12:57:24)
[GCC 4.9.2] on linux2
inside a docker container that is built using
FROM postgres
RUN apt-get update && apt-get install -y \
s3cmd
ADD root/* /root/
RUN mkdir -p /backups/sql
CMD python /root/backup.py
I am using the postgres container so it has the right version of
pg_dump to dump from the database.
I need the data to be encrypted on its way to s3 and inside. Can
anyone offer me advice on how to do that securely.
Thanks
Dan
After backing up the database, but before sending the backup to S3,
encrypt the file yourself, for example with gpg. Then you don't have
to use server side encryption. Of course, you will need to decrypt it
when you restore from backup.
--
PGP fingerprint = E24A D25B E5FE 4914 A603 49EC 7030 3EA1
9A0B 511E
------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________
S3tools-general mailing list
https://lists.sourceforge.net/lists/listinfo/s3tools-general
Loading...