
Add backup encryption

pull/106/head
ITBM 6 years ago
parent
commit
fa88fe526c
  1. 1
      mysql-backup-s3/Dockerfile
  2. 1
      mysql-backup-s3/README.md
  3. 11
      mysql-backup-s3/backup.sh
  4. 3
      mysql-backup-s3/install.sh
  5. 1
      postgres-backup-s3/Dockerfile
  6. 3
      postgres-backup-s3/README.md
  7. 18
      postgres-backup-s3/backup.sh
  8. 3
      postgres-backup-s3/install.sh

1
mysql-backup-s3/Dockerfile

@ -20,6 +20,7 @@ ENV S3_PREFIX 'backup'
ENV S3_FILENAME **None**
ENV MULTI_FILES no
ENV SCHEDULE **None**
ENV ENCRYPTION_PASSWORD **None**
ADD run.sh run.sh
ADD backup.sh backup.sh

1
mysql-backup-s3/README.md

@ -26,6 +26,7 @@ $ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET
- `S3_S3V4` set to `yes` to enable AWS Signature Version 4, required for [minio](https://minio.io) servers (default: no)
- `MULTI_FILES` Allow to have one file per database if set `yes` default: no)
- `SCHEDULE` backup schedule time, see explainatons below
- `ENCRYPTION_PASSWORD` password to encrypt the backup. Can be decrypted using `openssl aes-256-cbc -d -in backup.sql.gz.enc -out backup.sql.gz`
### Automatic Periodic Backups

11
mysql-backup-s3/backup.sh

@ -44,6 +44,17 @@ copy_s3 () {
SRC_FILE=$1
DEST_FILE=$2
if [ "${ENCRYPTION_PASSWORD}" != "**None**" ]; then
echo "Encrypting ${SRC_FILE}"
openssl enc -aes-256-cbc -in $SRC_FILE -out ${SRC_FILE}.enc -k $ENCRYPTION_PASSWORD
if [ $? != 0 ]; then
>&2 echo "Error encrypting ${SRC_FILE}"
fi
rm $SRC_FILE
SRC_FILE="${SRC_FILE}.enc"
DEST_FILE="${DEST_FILE}.enc"
fi
if [ "${S3_ENDPOINT}" == "**None**" ]; then
AWS_ARGS=""
else
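Review bot: A failed `openssl enc` in the new block inside `copy_s3` only logs to stderr, and execution then falls through to `rm $SRC_FILE`, so the intact dump is deleted and the function carries on with a missing or partial `.enc` file, which is presumably what gets uploaded. The encryption step should stop the function on failure and discard the partial output, as in the fence below. `copy_s3` starts and ends outside this hunk, so how its callers react to a non-zero return is not visible here and should be checked. The same block in postgres-backup-s3/backup.sh has the same problem, and there it runs at top level, so `exit` applies rather than `return`.

```shell
echo "Encrypting ${SRC_FILE}"
if ! openssl enc -aes-256-cbc -in "$SRC_FILE" -out "${SRC_FILE}.enc" -k "$ENCRYPTION_PASSWORD"; then
  >&2 echo "Error encrypting ${SRC_FILE}"
  # do not leave a truncated ciphertext behind that could be mistaken for a backup
  rm -f "${SRC_FILE}.enc"
  return 1
fi
rm "$SRC_FILE"
# … unchanged: SRC_FILE and DEST_FILE get the .enc suffix …
```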

3
mysql-backup-s3/install.sh

@ -6,6 +6,9 @@ set -e
apk update
# install openssl
apk add openssl
# install mysqldump
apk add mysql-client

1
postgres-backup-s3/Dockerfile

@ -18,6 +18,7 @@ ENV S3_PATH 'backup'
ENV S3_ENDPOINT **None**
ENV S3_S3V4 no
ENV SCHEDULE **None**
ENV ENCRYPTION_PASSWORD **None**
ADD run.sh run.sh
ADD backup.sh backup.sh

3
postgres-backup-s3/README.md

@ -40,3 +40,6 @@ You can additionally set the `SCHEDULE` environment variable like `-e SCHEDULE="
More information about the scheduling can be found [here](http://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules).
### Encryption
You can additionally set the `ENCRYPTION_PASSWORD` environment variable like `-e ENCRYPTION_PASSWORD="superstrongpassword"` to encrypt the backup. It can be decrypted using `openssl aes-256-cbc -d -in backup.sql.gz.enc -out backup.sql.gz`.

18
postgres-backup-s3/backup.sh

@ -59,10 +59,24 @@ POSTGRES_HOST_OPTS="-h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER $POSTG
echo "Creating dump of ${POSTGRES_DATABASE} database from ${POSTGRES_HOST}..."
pg_dump $POSTGRES_HOST_OPTS $POSTGRES_DATABASE | gzip > dump.sql.gz
SRC_FILE=dump.sql.gz
DEST_FILE=${POSTGRES_DATABASE}_$(date +"%Y-%m-%dT%H:%M:%SZ").sql.gz
pg_dump $POSTGRES_HOST_OPTS $POSTGRES_DATABASE | gzip > $SRC_FILE
if [ "${ENCRYPTION_PASSWORD}" != "**None**" ]; then
echo "Encrypting ${SRC_FILE}"
openssl enc -aes-256-cbc -in $SRC_FILE -out ${SRC_FILE}.enc -k $ENCRYPTION_PASSWORD
if [ $? != 0 ]; then
>&2 echo "Error encrypting ${SRC_FILE}"
fi
rm $SRC_FILE
SRC_FILE="${SRC_FILE}.enc"
DEST_FILE="${DEST_FILE}.enc"
fi
echo "Uploading dump to $S3_BUCKET"
cat dump.sql.gz | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/${POSTGRES_DATABASE}_$(date +"%Y-%m-%dT%H:%M:%SZ").sql.gz || exit 2
cat $SRC_FILE | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/$DEST_FILE || exit 2
echo "SQL backup uploaded successfully"
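Review bot: The added `openssl enc ... -k $ENCRYPTION_PASSWORD` line passes the secret as a command-line argument, where it is visible in the process list while openssl runs, and leaves it unquoted so a password containing spaces or glob characters is split or expanded. The variable is already in the environment, so `-pass env:ENCRYPTION_PASSWORD` avoids both problems: `openssl enc -aes-256-cbc -in "$SRC_FILE" -out "${SRC_FILE}.enc" -pass env:ENCRYPTION_PASSWORD`. Without `-pbkdf2` the key is derived with a single digest pass whose default digest has changed between OpenSSL releases, so if the installed OpenSSL supports it, adding `-pbkdf2` here and in the README decrypt command would strengthen the derivation and keep restores reproducible across versions. The identical line in mysql-backup-s3/backup.sh needs the same change.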

3
postgres-backup-s3/install.sh

@ -6,6 +6,9 @@ set -e
apk update
# install openssl
apk add openssl
# install pg_dump
apk add postgresql
