icebox 0.1.0

Encrypting command-line client for Amazon Glacier.

icebox

Encrypting command-line client for Amazon Glacier.

This command-line client lets you store files and directories in Amazon Glacier. All data is encrypted using GnuPG before being uploaded and no original filenames will be visible remotely.

Requirements

• AWS credentials with write access to Glacier
• GnuPG public/private keypair

Setup

AWS credentials

Configure AWS credentials as described in the Boto documentation. The credentials should have write access to the Glacier vaults you plan to use. See the example IAM policy for recommended permissions.

GnuPG keypair

Create a keypair for icebox and make a note of the ID. Retrieval operations can take a long time, so you should make sure the keypair stays accessible, i.e. no password prompts blocking the operation.

Install icebox

Install icebox using pip (or pipsi):

pip install icebox

Usage

Create a new box

Create the box mybox for a Glacier vault called myvault like this:

icebox init mybox 0xMYKEYID glacier myvault

If your AWS credentials are not in the default profile, use the --profile option:

icebox init mybox 0xMYKEYID glacier myvault --profile icebox

Store data in a box

To store a file or directory, simply specify its location:

icebox put myvault cat-pictures/grumpy.jpg

Retrieve data from a box

There are no directories in boxes, so you just specify the original name of the source and a destination:

icebox get myvault grumpy.jpg ~/Desktop

Standard retrievals can take a long time. To perform an Expedited retrieval, use the Tier option:

icebox get myvault grumpy.jpg ~/Desktop -o Tier=Expedited

Retrieval operations are tracked by icebox, so you can interrupt a waiting retrieval and request the same source again later.