HTTPS SSH
Architecture

    Each source uses its own GPG key. This way one compromised
server would not lead to any other compromises.


Configuration

 1. Generate GPG key for install (ex: http://www.cyberciti.biz/tips/linux-how-to-create-our-own-gnupg-privatepublic-key.html)
 2. cp example-settings.py to settings.py and edit env.RECEPIENTS_KEYS, env.GPG_PASSPHRASE (for 1st key)
 3. Import recepient keys (public part) via gpg --import <file>
 4. Configure env.BACKUP_DIRS, env.BACKUP_EXCLUDE_DIRS
 5. Try to run:
    fab backup

 
Sudo config

 If there are need to exec via Sudo + AWS, this is recommended setup:

Add this to /etc/sudoers:
  Defaults        env_keep += "AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY PASSPHRASE"


GPG trust

 For every recepient key:
 1. gpg --import <keyfile>
 2. gpg --edit <key_id>
     trust
     5 = I trust ultimately