OpenSSL Encryption

Create a password-protected backup file with my_password as the password.

Config keys

type: openssl
chiper - The cipher to use, default: aes-256-cbc.
password - Set password to encrypt the backup file, required.
salt - Use a salt in the key derivation routines, default: true
base64 - Whether to encode the encrypted file with base64, default: false
args - Additional arguments to pass to the openssl command.

Example

encrypt_with:
  type: openssl
  password: my_password
  # (enabled by default) improves the security.
  salt: true
  # makes encrypted backups readable in text editors, emails, etc.
  base64: false

This will encrypt your backup file using OpenSSL aes-256-cbc.

Decrypting your backup file

To decrypt your backup, use the following command:

$ openssl aes-256-cbc -d -base64 -in my_backup.tar.gz.enc -out my_backup.tar.gz

-base64 is only required if you used base64: true.

You will be prompted for your password.

QA

If you are encrypting on OpenSSL 1.x and decrypting on OpenSSL 3.x, you will need to use the -md md5 flag, read details (opens in a new tab).
```
$ openssl aes-256-cbc -d -md md5 -in my_backup.tar.gz.enc -out my_backup.tar.gz
```

Tar Splitter