In-transit encryption for PBM


I was trying to gather information about encryption regarding PBM and I didn’t find any information regarding in-transit encryption when the backup is being streamed to a remote backup storage.
Does anyone know where can I find information regarding which encryption method is used and if HTTPS is used, for example?
I know I can do some debugging when using the tool but I would like to have that information provided by Percona.
Also, I found in the docs information regarding SSE, for at-rest encryption.


Hi @convexing ,

Welcome to Percona Community forum!

In-Transit Encryption:
If I understand it correct, you are referring to TLS(in-transit) encryption. These are non-default options in PBM which you can use while Configuring the Authentication during the setup.

Kindly refer the below links on how to use those options -

Server-Side Encryption:
Starting with version 2.0.1, Percona Backup for MongoDB also supports server-side encryption with customer-provided keys that stored on the client side.

To use the SSE-C encryption, specify the following parameters in the Percona Backup for MongoDB configuration file:

sseCustomerAlgorithm: AES256
sseCustomerKey: <your_encryption_key>

Ref. Link.: Overview - Percona Backup for MongoDB


Hi @Parag_Bhayani , The above mentioned serverSideEncryption option is not encrypting the backup files with GCS bucket, its just storing the plain compressed files. No errors also found in logs