

Show HN: MySQLVault is simple, secure MySQL backups - zcs
https://mysqlvault.com

======
zcs
Hi all,

We just launched MySQLVault, a really easy, really secure way to automatically
backup MySQL databases. We know a lot of web developers are focused on making
their project awesome, and neglecting their database backups. There are dozens
are places to sacrifice peace of mind when building something new, but now
creating and tracking database backups doesn't have to be one of them.

We'd love to get your feedback in the comments-

------
mike-cardwell
Can you describe how your service is better than cronning this:

mysqldump -uusername -ppassword dbname | gpg -e -r dumps@example.com >
~/Dropbox/dbdumps/`date +%Y-%b-%d`.dump.gpg

I'm not being a douche, I'd genuinely like a list of advantages...

~~~
zcs
1\. Database credentials are encrypted on the disk so they're harder to
capture than reading off crontab. 2\. The dump is compressed using gzip, which
saves a surprising amount of space and bandwidth. 3\. The dump is encrypted
using a random passphrase each time with AES-256, then the passphrase is
encrypted with RSA. The larger dump file is encrypted more efficiently and
more quickly using the symmetrical cipher, while the 30-char passphrase is
secured using the same strong pgp cryptography. Since the backups are all
encrypted using a different key, it's harder to compute keys if given the
encrypted data files. 4\. It's decently tricky to get Dropbox running well on
linux machines via CLI, and you can store more than 100 GB without contacting
us for storage expansion.

~~~
mike-cardwell
1.) The database credentials must be stored somewhere in a reversible format
in order for your script to connect to the database to do the dump?

2.) Could just add an extra "|gzip|" inbetween the mysqldump and gpg commands
in the example I provided.

3.) I think this is how gpg works internally. Generates a symmetric key,
encrypts that with the public key, and then encrypts the actual data with the
symmetric key. This is why you can encrypt a file for two recipients without
it doubling the size of the resulting encrypted file.

4.) I do remember having some minor problems when setting it up, but it was
quite a while ago. Not a show stopper though.

