Skip to content

Encryption

Jump to bottom Edit New page
Ashley Davis edited this page Feb 25, 2026 · 7 revisions

Encryption

To protect your media with encryption:

  1. Generate a key on first init (key is stored in the Photosphere config directory under the name you give):

    psi init --key my-key --generate-key

  2. Use the same key for all operations (refer to it by name):

    psi add ~/new-photos/ --key my-key
psi ui --key my-key
psi export abc123-def4-5678-9012-345678901234 ./output.jpg --key my-key

  3. Encrypt on replication:

    psi replicate --key my-key --generate-key --dest s3:my-bucket/my-photos

Keys are generally stored in the Photosphere config directory and don't require a path—just a name.

Important: If you use encryption, don't lose your encryption key. If you lose it, you lose access to your encrypted database.

Advice: As soon as you generate a key, store it safely in your password manager.

Add a custom footer
Add a custom sidebar

Clone this wiki locally