Fork me on GitHub

Hi guys, I did backup-db with encryption sse flag to S3. I downloaded same file and don't see difference between encrypted and non encrypted backups


I would like store my backups encrypted. What I'm doing wrong? ._.


./bin/datomic backup-db --encryption sse -Ddatomic.s3BackupConcurrency=350 $uri s3://$backup_bucket/encrypted/${db_name}


And might be are there a way to check this behavoiur? Also, if I copy my backups from s3 to another place, am I able to restore-db with ecrypted backup files?


@lowl4tency: the invocation looks correct to me on first glance. I’ll look into it. Also, re: your previous question, the expectation is that processes are down for a restore until its complete for non-dev transactors. if transasctor/peer are up they may fall over on seeing inconsistency.


bkamphaus: thank you for the answer, btw I use datomic-pro-0.9.5344 for backup-db


I use diff for comparing files. Also I check out it over cat. Don't see difference ._. as far as i understand files shouldn't be same if I use encryption


the encryption is amazon level, I haven’t thought through it entirely before but I don’t think you should see a file level difference if you’re actually able to inspect the files - it’s probably handled by some aspect of AWS access control.


bkamphaus: thx, will check out how it works on AWS level and back 🙂


bkamphaus: if I understand correctly encryption in datomic implemented via this


@lowl4tency: if you look at one of the files in the AWS management console view for s3, under properties in the drop down menu there should be a “Details” expandable view where you can see if “Server Side Encryption” is listed as either None or AES-256.


trying to find an equivalent cli invocation, no luck thus far.


Does :db.error/transaction-timeout mean the transaction did not happen, or only that requesting the transaction's result simply timed out?


Ah, found it: "When a transaction times out, the peer does not know whether the transaction succeeded, and will need to query a recent value of the database to discover what happened."


@sdegutis: you don't know until you reconnect and check. Pitfalls of distributed systems and all that.


Great. Just queried the database and figured it out. Thanks.


The docs say to use the overloaded Future.get() method that accepts a timeout, but I still got a timeout even though I didn't pass one and didn't set it via System/setProperty either. Is there a default timeout value or something?


Ah, datomic.txTimeoutMsec defaults to 10000.


Datomic doesn't have a built-in query log or anything like that, does it?


bkamphaus: wow, yeah exactly I see the checkpoint AES-256. I've read the doc more carefully, so when I downloaded the file it's non-encrypted yet 🙂