LOG IN SIGN UP
Documentation

Encrypting logs

  Last updated July 17, 2017

For supported logging endpoints, Fastly allows you to encrypt your log files before they are written to disk. The files are encrypted using OpenPGP (Pretty Good Privacy).

Supported logging endpoints

The following logging endpoints currently support PGP encryption:

Generating a PGP key pair

To use this feature, you'll need to use a PGP implementation (such as GPG) to generate a public and private PGP key pair. Typically, this involves running the following command in a terminal application on your personal computer:

gpg --gen-key

Follow the instructions shown in your terminal application. Enter your email address and set a passphrase when prompted. Remember the values you enter.

Exporting the PGP public key

After you generate the PGP key pair, you'll need to export your public key. Typically, this involves running the following command in a terminal application on your personal computer:

gpg --armor --export <your email>

The output will be in PEM (Privacy-Enhanced Mail) format and will look similar to the following:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBFciSsYRBAC9aHsraEzLmzfuQLx+BZmGTCOQFsPGpiPaEKrulRbrcBvtt3Bl
zajFP9iVzSm3+Zyqge/1AtHllSnPHTqG2EoBCsWtXL/JnZcPjx8c5r8G5IuBGrh8
snP3KTJ64zCS7PUvrWy5RWcJ6Rs+6wiJ7zPOtU5wMEPuMbflh/soy50zrwCg74XN
u/jQYfGKTLTtap+hNPhO1o0P/2+Bqj7o3CgEkQQ8RRF+iVFPgt/5HEXpS6TxjJPJ
FFv2t311rwlJgPgH4nOuRwXRkJ+woPmZE2UVsG9bmV1296fq7o2HiPWUUHafUlPV
9ib4xlu2MPkCmoKVzOBKBxZ5kXYAYVchJnERrI8sPOATY+UG2zJyomPnUN3mOC7L
z1fcA/9aQaSOcPxxTJfT+JOuMwQuNbFJvrIR/QqEam4x/6hRlnLatVb7wRlKa5o2
9Pn7eGVLWIo791zwEALQSpvXIYasjVrJNPVGyORIMhMrgP0HUX3oKTX+iO7AepcS
8jAsLjTYNP/sP+n6/YAGQ2JckSBA/28s63K/Ud+NQE8EGBECAA8FAlcQSsYCGwwF
Cq+C9z2XwKzHLPyFIy5Fz1QIvH9iyZQkn8WbIExXojvE5WzfEbQfU2ltb24gV2lz
bHLAjtCG4qYNhebb4efLxyzW4b23WMC+SQa+3QKDa3PYONQDfsxzR2GvYJQLVWTu
CAcPAgQVAggPBBYCAwECHgECF4AACgkQjWBU6PMWoWUjUwCfUYPbGB+2CIhWbnWb
7zYmQKDIYTUAoKq5uAkfAmTp6CSkYw0l9C0vgpc4uQINBFciSsYQCADrWqWLv6TO
/JmDVPOJjmpve65/e9wGrgh4h5MotCVe7r+b4tplpkwC1poC97c6W4/Z2QKe2Wco
u+D5tEPugFf0Garn189P97L6tNRXJbR5VbDNrulyR18gJN0Bq4Du+/1kkmF2QRLQ
xCLhmE0S4HvSCLQY6FQHetDOn0jEP6covaX7U+ksXjpyASczaxPWA8Cnk9KrQ/mC
wAzx2CzgMX3FFwwEG43wlm1u+QnfuV6QOlQtFtclE/8eJ4WWdpAHkLwZDeEyrgvh
5zA5YhCnt2NbdwF32r6QOLhLL3sge/rsZ09ten+NBM6HJWDYTFkRlyOkVQTyNEsT
GUEgx3Q7/1c3AAMFB/4g5AhsoLRxbFGKJFbDEQxRYW1QQH6ChNMTqYA0k4vJ+Cbv
dG93QDxzaW1vbkBmYXN0bHkuY29tPohmBBMRAgAmBQJXQkrGAhsDBQkAG6+ABgsJ
41QqfQTWunwbCqAQPhuxYhUqaSBV9Wb1NUnwLzv0fkfJLTBp5X5B1eQGBdFFcpFa
+Rz79gfn41sylQlgRx1Xv79M5PObyAPuJDxBaSQ/lVzBfsK8lxxr90VvnJy4jpSe
QQgqFSQjxVxpdAd3gt0RaU9Tds0dkRy+kJNh31UJQShhFYBP58Q9Qr9A6NWPmJ2b
CQAbr4AACgkQjWBU6DMWoWVkAwCfX50rK3UXVQKz+F+r5qv2czQ9hcQAn3wQIgZ+
Mlw8D2qcp71wCZmX/mxz
=MiF8
-----END PGP PUBLIC KEY BLOCK-----

Enabling log encryption

To enable PGP encryption for a logging endpoint, copy and paste your public PGP key into the Fastly web interface. Follow the instructions in the logging endpoint guides.

the PGP public key field

Decrypting log files

To read an encrypted log file, you'll need to download and decrypt it. Typically, this involves running the following command in a terminal application on your personal computer:

gpg --decrypt <encrypted log file>

Enter your passphrase to decrypt the log file.


Back to Top