.. _minio-support-encryption:
================
Encrypting Files
================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Description
-----------
You can encrypt the output of the :mc:`mc support inspect` command for enhanced security when transmitting the files to |SUBNET|.
Encryption
----------
You can choose to encrypt the output zip file for enhanced security with the ``--encrypt`` flag.
MinIO provides a binary to decrypt the file.
When the encryption flag, the output provides a decryption key.
The output resembles the following:
.. code-block:: shell
$ mc support inspect --encrypt play/test123/test*/*/part.*
mc: Encrypted file data successfully downloaded as inspect.ad2b43d8.enc
mc: Decryption key: ad2b43d847fdb14e54c5836200177f7158b3f745433525f5d23c0e0208e50c9948540b54
mc: The decryption key will ONLY be shown here. It cannot be recovered.
mc: The encrypted file can safely be shared without the decryption key.
mc: Even with the decryption key, data stored with encryption cannot be accessed.
As the output says, MinIO only displays the encryption key this one time, and it cannot be displayed or recovered later.
.. _minio-support-decryption:
Decryption
----------
MinIO provides a decryption tool to use on the files generated by :mc:`mc support inspect`.
To install the decryption tool, install `Go `_, then run
.. code-block:: shell
:class: copyable
go install github.com/minio/minio/docs/debugging/inspect@latest
After installing the inspect decryption binary, decrypt the file with the following command:
.. code-block:: shell
inspect -key=
Replace ```` with the decryption key provided when generating the diagnosit file.
Replace ```` with the downloaded file name, including a relative or absolute path.
``-key`` flag is optional. If not provided, an interactive prompt asks for the key.
The file name includes a portion of the decryption key.
This helps verify which key to use for the file.
The decryption process outputs an unencrypted ``.zip`` file.