You can encrypt the configuration file of syslog-ng Store Box (SSB) during system backups using the public-part of a GPG key. The system backups of SSB contain other information as well (for example, databases), but only the configuration file is encrypted. Note that system backups do not contain logspace data.

For details on restoring configuration from a configuration backup, see Restoring SSB configuration and data.

NOTE: It is not possible to directly import a GPG-encrypted configuration into SSB, it has to be decrypted locally first.

Prerequisites:

You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

You need a GPG key which must be permitted to encrypt data. Keys that can be used only for signing cannot be used to encrypt the configuration file.

To encrypt configuration backups with GPG

  1. Navigate to Basic > System > Management > System backup.

  2. Select Encrypt configuration.

  3. Select .

    • To upload a key file, click Browse, select the file containing the public GPG key, and click Upload. SSB accepts both binary and ASCII-armored GPG keys.

    • To copy-paste the key from the clipboard, paste it into the Key field and click Set.

  4. Click .