Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
Security measures
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    Encrypting logs

      Last updated April 20, 2018

    For supported logging endpoints, Fastly allows you to encrypt your log files before they are written to disk. The files are encrypted using OpenPGP (Pretty Good Privacy).

    Supported logging endpoints

    The following logging endpoints currently support PGP encryption:

    Generating a PGP key pair

    To use this feature, you'll need to use a PGP implementation (such as GPG) to generate a public and private PGP key pair. Typically, this involves running the following command in a terminal application on your personal computer:

    gpg --gen-key

    Follow the instructions shown in your terminal application. Enter your email address and set a passphrase when prompted. Remember the values you enter.

    Exporting the PGP public key

    After you generate the PGP key pair, you'll need to export your public key. Typically, this involves running the following command in a terminal application on your personal computer:

    gpg --armor --export <your email>

    The output will be in PEM (Privacy-Enhanced Mail) format and will look similar to the following:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    mQGiBFciSsYRBAC9aHsraEzLmzfuQLx+BZmGTCOQFsPGpiPaEKrulRbrcBvtt3Bl
    zajFP9iVzSm3+Zyqge/1AtHllSnPHTqG2EoBCsWtXL/JnZcPjx8c5r8G5IuBGrh8
    snP3KTJ64zCS7PUvrWy5RWcJ6Rs+6wiJ7zPOtU5wMEPuMbflh/soy50zrwCg74XN
    u/jQYfGKTLTtap+hNPhO1o0P/2+Bqj7o3CgEkQQ8RRF+iVFPgt/5HEXpS6TxjJPJ
    FFv2t311rwlJgPgH4nOuRwXRkJ+woPmZE2UVsG9bmV1296fq7o2HiPWUUHafUlPV
    9ib4xlu2MPkCmoKVzOBKBxZ5kXYAYVchJnERrI8sPOATY+UG2zJyomPnUN3mOC7L
    z1fcA/9aQaSOcPxxTJfT+JOuMwQuNbFJvrIR/QqEam4x/6hRlnLatVb7wRlKa5o2
    9Pn7eGVLWIo791zwEALQSpvXIYasjVrJNPVGyORIMhMrgP0HUX3oKTX+iO7AepcS
    8jAsLjTYNP/sP+n6/YAGQ2JckSBA/28s63K/Ud+NQE8EGBECAA8FAlcQSsYCGwwF
    Cq+C9z2XwKzHLPyFIy5Fz1QIvH9iyZQkn8WbIExXojvE5WzfEbQfU2ltb24gV2lz
    bHLAjtCG4qYNhebb4efLxyzW4b23WMC+SQa+3QKDa3PYONQDfsxzR2GvYJQLVWTu
    CAcPAgQVAggPBBYCAwECHgECF4AACgkQjWBU6PMWoWUjUwCfUYPbGB+2CIhWbnWb
    7zYmQKDIYTUAoKq5uAkfAmTp6CSkYw0l9C0vgpc4uQINBFciSsYQCADrWqWLv6TO
    /JmDVPOJjmpve65/e9wGrgh4h5MotCVe7r+b4tplpkwC1poC97c6W4/Z2QKe2Wco
    u+D5tEPugFf0Garn189P97L6tNRXJbR5VbDNrulyR18gJN0Bq4Du+/1kkmF2QRLQ
    xCLhmE0S4HvSCLQY6FQHetDOn0jEP6covaX7U+ksXjpyASczaxPWA8Cnk9KrQ/mC
    wAzx2CzgMX3FFwwEG43wlm1u+QnfuV6QOlQtFtclE/8eJ4WWdpAHkLwZDeEyrgvh
    5zA5YhCnt2NbdwF32r6QOLhLL3sge/rsZ09ten+NBM6HJWDYTFkRlyOkVQTyNEsT
    GUEgx3Q7/1c3AAMFB/4g5AhsoLRxbFGKJFbDEQxRYW1QQH6ChNMTqYA0k4vJ+Cbv
    dG93QDxzaW1vbkBmYXN0bHkuY29tPohmBBMRAgAmBQJXQkrGAhsDBQkAG6+ABgsJ
    41QqfQTWunwbCqAQPhuxYhUqaSBV9Wb1NUnwLzv0fkfJLTBp5X5B1eQGBdFFcpFa
    +Rz79gfn41sylQlgRx1Xv79M5PObyAPuJDxBaSQ/lVzBfsK8lxxr90VvnJy4jpSe
    QQgqFSQjxVxpdAd3gt0RaU9Tds0dkRy+kJNh31UJQShhFYBP58Q9Qr9A6NWPmJ2b
    CQAbr4AACgkQjWBU6DMWoWVkAwCfX50rK3UXVQKz+F+r5qv2czQ9hcQAn3wQIgZ+
    Mlw8D2qcp71wCZmX/mxz
    =MiF8
    -----END PGP PUBLIC KEY BLOCK-----
    

    Enabling log encryption

    To enable PGP encryption for a logging endpoint, copy and paste your public PGP key into the Fastly web interface. Follow the instructions in the logging endpoint guides.

    the PGP public key field

    Decrypting log files

    To read an encrypted log file, you'll need to download and decrypt it. Typically, this involves running the following command in a terminal application on your personal computer:

    gpg --decrypt <encrypted log file>

    Enter your passphrase to decrypt the log file.

    Back to Top