It was actually a lot easier than I thought it might be to add encryption to a server's backup process.

I created a PGP GnuPG key, put the public key on the server, added it to the backup user's keyring, set the trust level, and added: gpg -r serveradmin@example.com -e backuptoencrypt.tgz && rm backuptoencrypt.tgz

Now the admins are the only ones with the private key, and anyone who gets ahold of the backups won't be able to do anything with them. Time to add this to more servers.

[[!tags backups encryption security gnupg pgp]]