0

Since the early days of s3cmd I use it in combination with random generated filenames (uuidgen loop) and a complex passphrase (pwgen -n1 -c 32 -y). On security.stackexchange.com search there is only 1 result for s3cmd.

I use Amazon S3 (Glacier) for offsite backup of my personal files.

I wonder if this in 2020 still the state of the art solution for security? How secure is it? Is there a guarantee that Amazon can't view the files?

s3cmd -e -vv put --recursive --acl-private /xxx/yyy s3://ppp
Sybil
  • 1,435
  • 2
  • 15
  • 29
  • 1
    Since you asked about "state of the art", I would recommend switching to `rclone`. From the crypto point of view it is much more modern, especially in terms of integrity protection for the data. –  Sep 29 '20 at 05:01

1 Answers1

1

See https://s3tools.org/s3cmd-howto for information on how you can configure s3cmd to use GPG on the client side, to encrypt files on the client side before they are transferred to Amazon s3, using a key stored on the client side.

Notably:

You can optionally enter a GPG encryption key that will be used for encrypting your files before sending them to Amazon. Using GPG encryption will protect your data against reading by Amazon staff or anyone who may get access to your them while they're stored at Amazon S3.

mti2935
  • 19,868
  • 2
  • 45
  • 64