How to Encrypt a Database Password in a Plesk Backup? (Video)

When creating backups in Plesk, it's important to protect sensitive information, such as database passwords. By default, Plesk backups are not encrypted, which can expose sensitive information in backup files. However, you can encrypt database passwords to add an extra layer of security.

Here's how you can ensure that database passwords are encrypted during a backup in Plesk:

Step 1: Log in to Plesk

  1. Open your web browser and navigate to your Plesk login page:
    • Example: https://yourdomain.com:8443 or https://your-server-ip:8443.
  2. Enter your username and password, then click Log In.

Step 2: Access the Backup Manager

  1. After logging in, navigate to the Tools & Settings tab (for administrators) or Websites & Domains (for individual users).
  2. In the Tools & Settings section, find and click on Backup Manager under General Settings.
    • If you're an individual user managing a website, go to Websites & Domains and click on Backup Manager.

Step 3: Create a Backup

  1. In the Backup Manager, click on Back Up to start a new backup process.
  2. Choose the type of backup you want to create (e.g., Full Backup or Incremental Backup).
  3. In the backup settings, select Backup Destination (Local storage, FTP, or Remote storage).
  4. Before proceeding, make sure that you understand the Backup Contents section:
    • Websites
    • Emails
    • Databases
    • DNS Settings
    • Configurations

Step 4: Enable Database Password Encryption (Advanced Option)

Unfortunately, there isn't a direct option to encrypt database passwords specifically in Plesk's backup settings. However, there are a few ways to ensure that the backup file (which may contain database credentials) is securely encrypted.

  1. Password Protect the Backup:
    • While creating the backup, ensure that you store it in an encrypted remote backup destination (such as an FTP server with secure login credentials).
    • You can also password-protect the backup file if you're downloading it manually later.
  2. Use SFTP for Remote Backups:
    • To ensure encrypted transmission of backup data, always use SFTP (Secure FTP) instead of standard FTP. This encrypts the entire backup transfer.
    • Set up SFTP backup storage in the Backup Settings section:
      1. Choose SFTP Backup Storage under Backup Settings.
      2. Provide the SFTP server details (host, username, password).
      3. Set up a secure folder on the remote server to store your encrypted backups.

Step 5: Manually Encrypt the Backup File

To encrypt the backup file after it is generated, use an external tool such as GPG (GNU Privacy Guard) or OpenSSL before storing or transferring it.

  1. Using GPG:

    • After creating the backup file, use a command like this on your server:

            gpg --symmetric --cipher-algo AES256 backup-file.tar.gz

    • This will encrypt the backup file with a passphrase. You will need to provide the passphrase when decrypting. GPG writes the result to backup-file.tar.gz.gpg and leaves the original, unencrypted file in place.

  2. Using OpenSSL:

    • Alternatively, you can use OpenSSL to encrypt the backup file:

            openssl enc -aes-256-cbc -salt -pbkdf2 -in backup-file.tar.gz -out backup-file.tar.gz.enc

    • This will encrypt the file using AES-256 encryption. You will need to enter a password to encrypt and decrypt the file. The -pbkdf2 option (OpenSSL 1.1.1 and later) derives the key from the password with PBKDF2 instead of the legacy single-pass derivation.

Step 6: Automate Backup Encryption (Optional)

If you frequently need encrypted backups, consider automating the process by adding a post-backup script that encrypts the backup file once it's created.

  1. Use a cron job (on Linux) or Scheduled Task (on Windows) to automatically run the GPG or OpenSSL encryption script after a backup is created.

Step 7: Verify the Backup Security

After creating the backup, verify that the database passwords (and other sensitive information) are securely encrypted by checking the backup file:

  • If you manually encrypted the backup, ensure the encryption tools you used can decrypt it properly.
  • If using a remote storage solution (FTP, SFTP), ensure that access to the server is secured with strong passwords and encryption protocols.
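One way to combine Steps 6 and 7 in a single post-backup script, shown here as an added example that is not part of the original article or of Plesk. It assumes OpenSSL 1.1.1 or later and sha256sum on a Linux server; the function name encrypt_backup, the script path and the passphrase file location are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt a finished backup archive, verify it, drop the plaintext.
# Cron entry (placeholder paths, adjust to your server):
#   30 3 * * * /usr/local/sbin/encrypt-backup.sh /path/to/backup-file.tar.gz /root/.backup-pass
set -eu

# encrypt_backup ARCHIVE PASSFILE
# Runs in a subshell "( ... )" so umask and variables do not leak to the caller;
# "exit" therefore ends only this function. Prints the encrypted file's path.
encrypt_backup() (
    src=$1
    passfile=$2
    out="$src.enc"

    [ -f "$src" ] || { echo "archive not found: $src" >&2; exit 1; }
    [ -s "$passfile" ] || { echo "passphrase file missing or empty: $passfile" >&2; exit 1; }

    umask 077   # encrypted file is created readable by its owner only

    # Passphrase comes from a file, so it never appears in the process list.
    openssl enc -aes-256-cbc -salt -pbkdf2 \
        -in "$src" -out "$out" -pass "file:$passfile" \
        || { rm -f "$out"; exit 1; }

    # Step 7 check: decrypt to a pipe (no plaintext copy on disk) and compare hashes.
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(openssl enc -d -aes-256-cbc -pbkdf2 -in "$out" -pass "file:$passfile" 2>/dev/null \
          | sha256sum | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        rm -f "$out"
        echo "verification failed, plaintext kept: $src" >&2
        exit 1
    fi

    rm -f "$src"   # remove the unencrypted archive only after a verified round trip
    printf '%s\n' "$out"
)

# Run only when called with both arguments, e.g. from cron.
if [ "$#" -eq 2 ]; then
    encrypt_backup "$1" "$2"
fi
```

Keep the passphrase file owned by root with mode 600, and store a copy of the passphrase somewhere other than the backup destination, since the encrypted archive cannot be restored without it.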

Additional Notes

  • Database Encryption: If you need additional database-level encryption for passwords or other sensitive data, consider using encryption plugins or database encryption options like Transparent Data Encryption (TDE) in MySQL or Full Disk Encryption (FDE) for better security.
  • Backup Retention: Securely store old backups, delete outdated backups, and ensure that backup files are not exposed to unauthorized access.
  • Backup Encryption Limitations: While Plesk does not have a direct option to encrypt database passwords in backups, using external encryption methods (like GPG, OpenSSL, or SFTP) will help protect the data.

Although Plesk doesn't offer a direct method for encrypting database passwords in backups, you can use external encryption tools (like GPG or OpenSSL) and secure backup methods (like SFTP) to protect your backup files. These steps will ensure that your sensitive database passwords remain encrypted and secure during the backup process and storage.

 