Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add backup encryption #106

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add backup encryption #106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions mysql-backup-s3/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ ENV S3_PREFIX 'backup'
ENV S3_FILENAME **None**
ENV MULTI_FILES no
ENV SCHEDULE **None**
ENV ENCRYPTION_PASSWORD **None**

ADD run.sh run.sh
ADD backup.sh backup.sh
Expand Down
1 change: 1 addition & 0 deletions mysql-backup-s3/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ $ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET
- `S3_S3V4` set to `yes` to enable AWS Signature Version 4, required for [minio](https://minio.io) servers (default: no)
- `MULTI_FILES` Allow to have one file per database if set `yes` default: no)
- `SCHEDULE` backup schedule time, see explainatons below
- `ENCRYPTION_PASSWORD` password to encrypt the backup. Can be decrypted using `openssl aes-256-cbc -d -in backup.sql.gz.enc -out backup.sql.gz`

### Automatic Periodic Backups

Expand Down
11 changes: 11 additions & 0 deletions mysql-backup-s3/backup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,17 @@ copy_s3 () {
SRC_FILE=$1
DEST_FILE=$2

if [ "${ENCRYPTION_PASSWORD}" != "**None**" ]; then
echo "Encrypting ${SRC_FILE}"
openssl enc -aes-256-cbc -in $SRC_FILE -out ${SRC_FILE}.enc -k $ENCRYPTION_PASSWORD
if [ $? != 0 ]; then
>&2 echo "Error encrypting ${SRC_FILE}"
fi
rm $SRC_FILE
SRC_FILE="${SRC_FILE}.enc"
DEST_FILE="${DEST_FILE}.enc"
fi

if [ "${S3_ENDPOINT}" == "**None**" ]; then
AWS_ARGS=""
else
Expand Down
3 changes: 3 additions & 0 deletions mysql-backup-s3/install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ set -e

apk update

# install openssl
apk add openssl

# install mysqldump
apk add mysql-client

Expand Down
1 change: 1 addition & 0 deletions postgres-backup-s3/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ ENV S3_PATH 'backup'
ENV S3_ENDPOINT **None**
ENV S3_S3V4 no
ENV SCHEDULE **None**
ENV ENCRYPTION_PASSWORD **None**

ADD run.sh run.sh
ADD backup.sh backup.sh
Expand Down
3 changes: 3 additions & 0 deletions postgres-backup-s3/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,3 +40,6 @@ You can additionally set the `SCHEDULE` environment variable like `-e SCHEDULE="

More information about the scheduling can be found [here](http://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules).

### Encryption

You can additionally set the `ENCRYPTION_PASSWORD` environment variable like `-e ENCRYPTION_PASSWORD="superstrongpassword"` to encrypt the backup. It can be decrypted using `openssl aes-256-cbc -d -in backup.sql.gz.enc -out backup.sql.gz`.
18 changes: 16 additions & 2 deletions postgres-backup-s3/backup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,24 @@ POSTGRES_HOST_OPTS="-h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER $POSTG

echo "Creating dump of ${POSTGRES_DATABASE} database from ${POSTGRES_HOST}..."

pg_dump $POSTGRES_HOST_OPTS $POSTGRES_DATABASE | gzip > dump.sql.gz
SRC_FILE=dump.sql.gz
DEST_FILE=${POSTGRES_DATABASE}_$(date +"%Y-%m-%dT%H:%M:%SZ").sql.gz

pg_dump $POSTGRES_HOST_OPTS $POSTGRES_DATABASE | gzip > $SRC_FILE

if [ "${ENCRYPTION_PASSWORD}" != "**None**" ]; then
echo "Encrypting ${SRC_FILE}"
openssl enc -aes-256-cbc -in $SRC_FILE -out ${SRC_FILE}.enc -k $ENCRYPTION_PASSWORD
if [ $? != 0 ]; then
>&2 echo "Error encrypting ${SRC_FILE}"
fi
rm $SRC_FILE
SRC_FILE="${SRC_FILE}.enc"
DEST_FILE="${DEST_FILE}.enc"
fi

echo "Uploading dump to $S3_BUCKET"

cat dump.sql.gz | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/${POSTGRES_DATABASE}_$(date +"%Y-%m-%dT%H:%M:%SZ").sql.gz || exit 2
cat $SRC_FILE | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/$DEST_FILE || exit 2

echo "SQL backup uploaded successfully"
3 changes: 3 additions & 0 deletions postgres-backup-s3/install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ set -e

apk update

# install openssl
apk add openssl

# install pg_dump
apk add postgresql

Expand Down