For added security, we now encrypt backups during creation.
The backup file names now indicate the type and sequence of the backup.
Background
Cameo saves backups overnight on a six-week cycle, comprising
- a full backup,
- a weekly accumulative backup, and
- an incremental backup on other days.
An accumulative backup stores everything since the last full backup. An incremental backup stores everything that has changed in the previous day. So a complete backup requires a full backup, the most recent accumulative backup (if any) and all the incremental backups (if any) since the most recent accumulative or full.
For those installations that have requested it, Cameo’s backup server transfers backups to a third-party location daily. We encrypt these files.
Administrators can see the current backup status in admin → backups.
Encryption
Rather than encrypt on transfer from Cameo’s backup server, Cameo now encrypts backups during creation. This means the files are now encrypted in all locations where they are stored. This decreases the risk of public exposure of useful data should any of these locations be compromised.
Encryption passwords remain unchanged (administrators should already have a note of the password).
Find backup documentation in the docs directory in GitHub. Decrypt (and unzip) like this:
gpg --decrypt encrypted-file.tgz.gpg | tar xzf -
We have also encrypted older files on the backup server retrospectively.
admin → backups now includes the encryption status.
Backup file names
The name of each backup file now reflects its type and sequence. This makes it easier to identify files needed for a restore. Names are of the form
DATE.TYPE.SEQUENCE.tgz.gpg
where TYPE is full, accumulative or incremental and SEQUENCE is a number. For example,
2023-01-08-04-40-02.incremental.2.tgz.gpg
(Full backups do not include a sequence number).
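The restore rule from the Background section, applied to the file naming scheme above, can be checked with a short script. This is an added example, not Cameo's own code; it assumes DATE always has the YYYY-MM-DD-HH-MM-SS layout of the example name, and the sample file names are constructed.

```python
import re

# Name layout from the page: DATE.TYPE.SEQUENCE.tgz.gpg (full backups omit SEQUENCE).
# Assumption: DATE is always YYYY-MM-DD-HH-MM-SS, as in the page's example name.
NAME_RE = re.compile(
    r"^(\d{4}(?:-\d{2}){5})\.(full|accumulative|incremental)(?:\.(\d+))?\.tgz\.gpg$"
)

def parse(name):
    """Return (date, type, name) for a well-formed backup name, else None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    date, kind, seq = m.groups()
    # Full backups carry no sequence number; the other two types must have one.
    if (kind == "full") != (seq is None):
        return None
    return date, kind, name

def restore_chain(names):
    """Files needed for a complete restore, in the order they should be applied."""
    backups = sorted(b for b in map(parse, names) if b)  # dates sort chronologically
    fulls = [i for i, b in enumerate(backups) if b[1] == "full"]
    if not fulls:
        raise ValueError("no full backup found; a complete restore is not possible")
    chain = [backups[fulls[-1]]]
    later = backups[fulls[-1] + 1:]          # everything after the latest full
    accs = [i for i, b in enumerate(later) if b[1] == "accumulative"]
    if accs:
        chain.append(later[accs[-1]])        # most recent accumulative only
        later = later[accs[-1] + 1:]         # incrementals taken after it
    chain += later
    return [b[2] for b in chain]

SAMPLE = [  # constructed file names, not taken from a real installation
    "2023-01-09-04-40-02.incremental.3.tgz.gpg",
    "2023-01-01-04-40-02.full.tgz.gpg",
    "2023-01-02-04-40-02.incremental.1.tgz.gpg",
    "2023-01-07-04-40-02.accumulative.1.tgz.gpg",
    "2023-01-08-04-40-02.incremental.2.tgz.gpg",
    "notes.txt",
]

if __name__ == "__main__":
    for name in restore_chain(SAMPLE):
        print(name)
```

The script orders files by DATE only, because the page does not say when sequence numbers restart.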