Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Purging
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
Security measures
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    Encrypting logs

      Last updated October 23, 2019

    For supported logging endpoints, Fastly allows you to encrypt your log files before they are written to disk. The files are encrypted using OpenPGP (Pretty Good Privacy).

    Generating a PGP key pair

    To use this feature, you'll need to use a PGP implementation (such as GPG) to generate a public and private PGP key pair. Typically, this involves running the following command in a terminal application on your personal computer:

    gpg --gen-key

    Follow the instructions shown in your terminal application. Enter your email address and set a passphrase when prompted. Remember the values you enter.

    Exporting the PGP public key

    After you generate the PGP key pair, you'll need to export your public key. Typically, this involves running the following command in a terminal application on your personal computer:

    gpg --armor --export <your email>

    The output will be in PEM (Privacy-Enhanced Mail) format and will look similar to the following:

    1
    2
    3
    4
    5
    6
    
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    mQGiBFciSsYRBAC9aHsraEzLmzfuQLx+BZmGTCOQFsPGpiPaEKrulRbrcBvtt3Bl
    zajFP9iVzSm3+Zyqge/1AtHllSnPHTqG2EoBCsWtXL/JnZcPjx8c5r8G5IuBGrh8
    snP3KTJ64zCS7PUvrWy5RWcJ6Rs+6wiJ7zPOtU5wMEPuMbflh/soy50zrwCg74XN
    [...REDACTED...]
    -----END PGP PUBLIC KEY BLOCK-----
    

    Enabling log encryption

    To enable PGP encryption for a logging endpoint that supports it, copy and paste your public PGP key into the PGP public key field in the Fastly web interface when creating or editing a supported logging endpoint.

    the PGP public key field

    Decrypting log files

    To read an encrypted log file, you'll need to download and decrypt it. Typically, this involves running the following command in a terminal application on your personal computer:

    gpg --decrypt <encrypted log file>

    Enter your passphrase to decrypt the log file.

    Back to Top