Use s3cmd and gpg to upload encrypted file

0xBF's photo

Published on Nov 5, 2021

2 min read


You want to upload file to s3, but want to encrypt it first


Method 1) Use gpg to encrypt the file first, then use the s3cmd to upload:

gpg is a built-in command in Linux, and in Mac you may need to manually install it via:

$ brew install gpg

Suppose we have a file named "dbbackup.zip":

$ gpg -o dbbackup.zip.gpg --symmetric --cipher-algo AES256 --batch --passphrase "12345678" dbbackup.zip
$ s3cmd put dbbackup.zip.gpg s3://path/to/folder/dbbackup.zip.gpg

Here the passphrase "12345678" is the key to encrypt/decrypt the file.

Method 2) Use s3cmd directly

When you setup s3cmd with s3cmd --configure, one of the step is asking for the "Encryption password:", this will be used to encrypt your file before upload to s3 (same as the "passphrase" field above).

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:

Once you configured this password, to upload a file with encryption, you need to use the -e parameter:

$ s3cmd -e put dbbackup.zip.gpg s3://path/to/folder/dbbackup.zip.gpg

This way you don't need to manually use gpg to encrypt it, s3cmd will do it for you first, then do the upload.


After you uploaded to s3, you can download the file then decrypt it:

$ gpg -o dbbackup.zip -d dbbackup.zip.gpg

This will ask you to input the passphrase, then it will decrypt the gpg file and output a file named dbbackup.zip.


Share this