1. Database credentials are encrypted on the disk so they're harder to capture than reading off crontab.
2. The dump is compressed using gzip, which saves a surprising amount of space and bandwidth.
3. The dump is encrypted using a random passphrase each time with AES-256, then the passphrase is encrypted with RSA. The larger dump file is encrypted more efficiently and more quickly using the symmetrical cipher, while the 30-char passphrase is secured using the same strong pgp cryptography. Since the backups are all encrypted using a different key, it's harder to compute keys if given the encrypted data files.
4. It's decently tricky to get Dropbox running well on linux machines via CLI, and you can store more than 100 GB without contacting us for storage expansion.
1.) The database credentials must be stored somewhere in a reversible format in order for your script to connect to the database to do the dump?
2.) Could just add an extra "|gzip|" inbetween the mysqldump and gpg commands in the example I provided.
3.) I think this is how gpg works internally. Generates a symmetric key, encrypts that with the public key, and then encrypts the actual data with the symmetric key. This is why you can encrypt a file for two recipients without it doubling the size of the resulting encrypted file.
4.) I do remember having some minor problems when setting it up, but it was quite a while ago. Not a show stopper though.
We just launched MySQLVault, a really easy, really secure way to automatically backup MySQL databases. We know a lot of web developers are focused on making their project awesome, and neglecting their database backups. There are dozens are places to sacrifice peace of mind when building something new, but now creating and tracking database backups doesn't have to be one of them.
