encryption options #5
Description
For SQL backups, we'll want encrypt and compression, before we send it off. As per https://medium.com/@rahul660singh/if-youre-going-to-compress-and-encrypt-a-file-which-do-you-do-first-and-why-1a99cde9c4e3 we want to compress first, otherwise we won't benefit from compression.
Encryption should be done with symmetric AES and we'll need to do it all for local SQL backups.
For Google cloud storage, it's probably better to let Google do the encryption (if only to make the access not dependent on keys stored elsewhere), though with keys managed by us.
So the configuration will need to specify whether we're piping it through an encryption function before sending it off to its destination.
Consider: rclone, duplicati, Borgbackup for examples
Or just use https://github.com/restic/restic ?