{"id":29342860,"url":"https://github.com/jbrt/ec2cryptomatic","last_synced_at":"2025-07-08T11:08:03.978Z","repository":{"id":48802052,"uuid":"102252181","full_name":"jbrt/ec2cryptomatic","owner":"jbrt","description":"Encrypt EBS volumes from AWS EC2 instances","archived":false,"fork":false,"pushed_at":"2023-03-29T15:42:17.000Z","size":357,"stargazers_count":50,"open_issues_count":3,"forks_count":28,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-06-20T11:35:39.880Z","etag":null,"topics":["aws","docker","ebs","ebs-snapshots","ebs-volumes","ec2","ec2-instance","go","golang"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jbrt.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-03T08:54:04.000Z","updated_at":"2024-01-02T22:21:14.000Z","dependencies_parsed_at":"2024-06-20T10:50:26.389Z","dependency_job_id":"91d9a919-c292-4fe9-92b8-5d78ae417d40","html_url":"https://github.com/jbrt/ec2cryptomatic","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/jbrt/ec2cryptomatic","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jbrt%2Fec2cryptomatic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jbrt%2Fec2cryptomatic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jbrt%2Fec2cryptomatic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jbrt%2Fec2cryptomatic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jbrt","download_url":"https://codeload.github.com/jbrt/ec2cryptomatic/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jbrt%2Fec2cryptomatic/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264257674,"owners_count":23580469,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","docker","ebs","ebs-snapshots","ebs-volumes","ec2","ec2-instance","go","golang"],"created_at":"2025-07-08T11:07:59.225Z","updated_at":"2025-07-08T11:08:03.969Z","avatar_url":"https://github.com/jbrt.png","language":"Go","readme":"# EC2Cryptomatic\n\n[![Github Action](https://github.com/jbrt/ec2cryptomatic/workflows/publish-docker-image/badge.svg)](https://github.com/jbrt/ec2cryptomatic/actions?workflow=publish-docker-image)\n![Docker Pulls](https://img.shields.io/docker/pulls/jbrt/ec2cryptomatic.svg?label=pulls\u0026logo=docker)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=jbrt_ec2cryptomatic\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=jbrt_ec2cryptomatic)\n\nEncrypt EBS volumes from AWS EC2 instances\n\n**A serverless version of this script exists here:** https://github.com/jbrt/ec2cryptomatic-serverless\n\n## Description\n\nThis tool let you :\n- Encrypt all the EBS volumes for an instance\n- If volumes already encrypted, re-encrypt these with the given key\n- Duplicate all the source tags to the target\n- Apply DeleteOnTermination flag if needs\n- Preserve the original volume or not as an option (thank to @cobaltjacket)\n- Start each instance after encrypting is complete (thank to @dshah22)\n\nFor your information, the workflow used to encrypt an EBS volume is:\n- Take a snapshot from the original volume\n- Create a new volume encrypted from that snapshot\n- Swap volumes\n- Delete source unencrypted volumes (if requested)\n\n## Note about version 2.x\n\nSince version 1, EC2Cryptomatic was coded in Python. This version 2 is a \ncomplete rewriting of this tool in Golang.\n\nWhy Golang instead of Python ? Principally because of fun and for training for \nthe author on that language.\n\nGolang is also a good option for a CLI tool like this (more portable than \nPython).\n\nPython version is still available at git tag 1.2.4.\n\n## Prerequisites\n\nEC2Cryptomatic needs the following IAM rights:\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"EC2CryptomaticPolicy\",\n            \"Action\": [\n                \"ec2:AttachVolume\",\n                \"ec2:CopyImage\",\n                \"ec2:CopySnapshot\",\n                \"ec2:CreateSnapshot\",\n                \"ec2:CreateVolume\",\n                \"ec2:CreateTags\",\n                \"ec2:DeleteSnapshot\",\n                \"ec2:DeleteVolume\",\n                \"ec2:DescribeInstances\",\n                \"ec2:DescribeSnapshots\",\n                \"ec2:DescribeVolumes\",\n                \"ec2:DetachVolume\",\n                \"ec2:ModifyInstanceAttribute\",\n                \"ec2:StartInstances\",\n                \"kms:DescribeKey\"\n            ],\n            \"Effect\": \"Allow\",\n            \"Resource\": \"*\"\n        }\n    ]\n}\n\n```\n\n## Syntax\n\nHere is the syntax of ec2cryptomatic. You have to specify a AWS region name\nand one EC2 instance ID.\n\n```\nEncrypt all EBS volumes for the given instances\n\nUsage:\n  ec2cryptomatic run [flags]\n\nFlags:\n  -d, --discard           Discard source volumes after encryption process (default: false)\n  -h, --help              help for run\n  -i, --instance string   Instance ID of instance of encrypt (required)\n  -k, --kmskey string     KMS key alias name (default \"alias/aws/ebs\")\n  -r, --region string     AWS region (required)\n```\n\n## Docker\n\nYou can build a Docker image of that tool with the Dockerfile provided in \nthis repository :\n\n`docker build -t ec2cryptomatic:latest .`\n\nOr you can use the image already pulled into the official Docker Hub:\n\n`docker pull jbrt/ec2cryptomatic`\n\n## Binaries\n\nIf you do not want to use Docker, you can use a binary version (accessible from the release section).\nVersions currently supported:\n\n- Linux (x86_64, ARM)\n- FreeBSD (x86_64, ARM)\n- MacOS/Darwin (x86_64 only)\n- Windows (x86_64 only)\n\n## Example\n\n![example](ec2cryptomatic.png)\n\n## License\n\nThis project is under GPL3 license\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjbrt%2Fec2cryptomatic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjbrt%2Fec2cryptomatic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjbrt%2Fec2cryptomatic/lists"}