minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00
Code Activity

Docs Multiplatform Slice

Browse Source
This commit is contained in:
Ravind Kumar
2022-05-06 16:44:42 -04:00
parent df33ddee6a
commit b99c20a16f
134 changed files with 3689 additions and 2200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
source/operations/troubleshooting/encrypting-files.rst Normal file
View File

@ -0,0 +1,66 @@
.. _minio-support-encryption:
================
Encrypting Files
================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Description
-----------
You can encrypt the output of the :mc-cmd:`mc support inspect` command for enhanced security when transmitting the files to |SUBNET|.
Encryption
----------
You can choose to encrypt the output zip file for enhanced security with the ``--encrypt`` flag.
MinIO provides a binary to decrypt the file.
When the encryption flag, the output provides a decryption key.
The output resembles the following:
.. code-block:: shell
$ mc support inspect --encrypt play/test123/test*/*/part.*
mc: Encrypted file data successfully downloaded as inspect.ad2b43d8.enc
mc: Decryption key: ad2b43d847fdb14e54c5836200177f7158b3f745433525f5d23c0e0208e50c9948540b54
mc: The decryption key will ONLY be shown here. It cannot be recovered.
mc: The encrypted file can safely be shared without the decryption key.
mc: Even with the decryption key, data stored with encryption cannot be accessed.
As the output says, MinIO only displays the encryption key this one time, and it cannot be displayed or recovered later.
.. _minio-support-decryption:
Decryption
----------
MinIO provides a decryption tool to use on the files generated by :mc-cmd:`mc support inspect`.
To install the decryption tool, install `Go <https://golang.org/dl/>`_, then run
.. code-block:: shell
:class: copyable
go install github.com/minio/minio/docs/debugging/inspect@latest
After installing the inspect decryption binary, decrypt the file with the following command:
.. code-block:: shell
inspect -key=<decryptionKeyFromOutput> <file.enc>
Replace ``<decryptionKeyFromOutput>`` with the decryption key provided when generating the diagnosit file.
Replace ``<file.enc>`` with the downloaded file name, including a relative or absolute path.
``-key`` flag is optional. If not provided, an interactive prompt asks for the key.
The file name includes a portion of the decryption key.
This helps verify which key to use for the file.
The decryption process outputs an unencrypted ``.zip`` file.