What if I need to send up encrypted logs from a number of clients? I tried to use nacl for this, but in its opinionated style, it holds that I have to have a sender private key to authenticate my logs, and it won't decrypt unless I provide the corresponding public key on the other end.
I don't want authentication here - there's no way for me to manage these keys; I just want to prevent someone from reading my logs off the disk...
Do you want symmetric encryption? NaCl does that too, it's just a section bellow the asymmetric ones on its documentation.
But I'm not sure you completely thought this out. If somebody can read your disk, and if that includes software configuration, the only way to make it impossible for people to read your logs is by using asymmetric crypto. And yes, that'll require using different keys on the writing and reading software.
I don't want authentication here - there's no way for me to manage these keys; I just want to prevent someone from reading my logs off the disk...