Backups to s3 not encrypted

zalando / postgres-operator

Postgres operator creates and manages PostgreSQL clusters running in Kubernetes

https://postgres-operator.readthedocs.io/

MIT License

4.24k stars 968 forks source link

Backups to s3 not encrypted #1364

Open yfoelling opened 3 years ago

yfoelling commented 3 years ago

Hello,

i am a little confused about the logical backup funktion in this operator. The documentation says that the result of pg_dumpall will be compressed and encrypted and then uploaded to the s3 bucket.

I configured backups in our testing cluster and checked the results but it seems to be just compressed versions without any encryption.

How do i enable the encryption? i dont find any additional config options besides the aws server side encrytion.

Thank you in advance.

FxKu commented 3 years ago

What do have configured for logical_backup_s3_sse - AWS's server-side encryption? The default is "AES256", but it's not added to the upload command when you've configured it to be empty.

yfoelling commented 3 years ago

Yes, i have seen that. But that is server side encryption from amazon. I would really like an option to encrypt it before we move it to aws (with amazon holding the key) :smile: The documentation reads as if it would be encrypted on the host.