Outsourcing data and computation to the cloud is increasingly common. However, the data to be outsourced is often privacy-sensitive (e.g., geospatial data, social network data, and Internet network traffic data) and thus it is typically outsourced after being properly encrypted. Graph is one of the most common ways to model and represent the data in many applications, including geospatial data in geographic information systems. In this paper, we consider the following problem: given a graph G, representing for example road or social networks, outsourced to a cloud in encrypted format, the user wants to privately retrieve from G the shortest path from a source s to a destination t. We refer to this problem as Privacy-preserving Shortest Path discovery over Encrypted Graph (PSPEG) data. We propose two novel PSPEG protocols under different security and efficiency guarantees. The first protocol enables one to retrieve the shortest path under a single-cloud setting whereas the second protocol is proposed under a federated cloud environment. Our theoretical and empirical analyses show that the proposed protocols provide a trade-off between efficiency and security.