Consul snapshot files

Hi everyone!

First time here. I have a question that I couldn’t find while searching regarding Consul snapshot. We are looking to backup Consul since we are using it as a backend for Vault. Does anyone know if the snapshot is encrypted? I know it’s a tarball and I’ve extracted it. I get a meta.json, a SHA256SUMS and a state.bin. It doesn’t look to be encrypted but I just wanted to confirm with you great folks here :slight_smile:

As well, we currently do not use any Cloud services and currently using vSphere on-prem but do you folks have any suggestions or best-practices on storing and encrypting these snapshots?

Thank you!

Reading the documentation for the snapshot agent - as an enterprise feature - and the parameter aws-s3-server-side-encryption i would guess the oss ones are not encrypted.

Personally i would store the snapshot on a network storage, not the server/ cluster itself. You could encrypt the backups using pgp.
I think they should be handled like every backup: with care. :slight_smile:

1 Like

Thanks @Wolfsrudel for the reply and suggestion! This helps!

1 Like