by Michael Werneburg
I'm working on a project in which the data set is so sensitive that backups to long-term media – or to anywhere outside the production network segment – aren't permitted. The data is also supposed to be short-lived, and encrypted when not in use. Encryption, say the auditors, can't be done with a key residing on the server. All that said, we need to be able to recall data on an ad-hoc basis.
So I hand-rolled some backups, like it was the '90s. GPG to the rescue! As soon as the data is through the gate, I grab the files and encrypt them with a public key whose key pair was generated under a system account on a separate server. I then dump the GPG'd files in a specific location, delete the unencrypted source files, and wait for an automated job on the second server to log in, pick up the encrypted files, and clean up the interim location on the production server.
Within a day, the copies retained on the second server are discarded as well.
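As an added example (not the post's own script), here is the production-side encrypt-and-stage step and the pickup-side one-day purge as POSIX shell. Assumed: only the backup account's public key is imported on the production host and `RECIPIENT` names it, the drop and pickup directories are passed as arguments, and plaintext is removed only once a non-empty ciphertext exists.

```shell
#!/bin/sh
# Added example, not the post's own script. Assumptions: only the backup
# account's PUBLIC key is imported on the production host (no private key
# lives here), and RECIPIENT names that key.
set -eu

RECIPIENT="${RECIPIENT:-backup-svc@backup.example}"   # assumed key id

# Production host: encrypt one file to the backup account's public key.
# If gpg fails, set -e aborts the run and the plaintext is left untouched.
encrypt_and_remove() {
    src=$1; dst=$2
    gpg --batch --yes --trust-model always --encrypt \
        --recipient "$RECIPIENT" --output "$dst" "$src"
    verify_then_remove "$src" "$dst"
}

# The plaintext is deleted only once a non-empty ciphertext exists, so an
# interrupted or failed gpg run never destroys the only copy. Kept separate
# from the gpg call so the rule can be exercised without gpg installed.
verify_then_remove() {
    src=$1; dst=$2
    if [ -s "$dst" ]; then
        rm -f -- "$src"      # plaintext gone; only the .gpg file awaits pickup
        return 0
    fi
    rm -f -- "$dst"          # drop a partial ciphertext, keep the plaintext
    return 1
}

# Encrypt every regular file in the post-gate drop into the pickup location.
stage_dir() {
    in_dir=$1; out_dir=$2
    for f in "$in_dir"/*; do
        [ -f "$f" ] || continue
        encrypt_and_remove "$f" "$out_dir/$(basename "$f").gpg"
    done
}

# Pickup host: discard copies older than N days. find's -mtime +0 matches
# files modified more than 24 hours ago, which is the post's one-day retention.
purge_older_than_days() {
    dir=$1; days=$2
    find "$dir" -type f -name '*.gpg' -mtime +"$days" -exec rm -f -- {} +
}
```

On the production host the cron job calls `stage_dir /path/to/gate /path/to/stage`; on the backup host, after the pull, `purge_older_than_days /path/to/pickup 0` enforces the one-day retention.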
In the normal course of production, we've had to go back to the backup server to restore files on a number of occasions. Everything seems to be working.