jkaninda/pg-bkup
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

feat: add encrypt backup using public key, migrate gpg to go gpg dependency

Browse Source
This commit is contained in:
Jonas Kaninda
2024-10-08 22:12:54 +02:00
parent dbed77ac8a
commit 2b58998643
8 changed files with 55 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/how-tos/encrypt-backup.md
View File

@@ -10,15 +10,17 @@ The image supports encrypting backups using one of two available methods: GPG wi
## Using GPG passphrase
The image supports encrypting backups using GPG out of the box. In case a `GPG_PASSPHRASE` environment variable is set, the backup archive will be encrypted using the given key and saved as a sql.gpg file instead or sql.gz.gpg.
The image supports encrypting backups using GPG out of the box. In case a `GPG_PASSPHRASE` or `GPG_PUBLIC_KEY` environment variable is set, the backup archive will be encrypted using the given key and saved as a sql.gpg file instead or sql.gz.gpg.
{: .warning }
To restore an encrypted backup, you need to provide the same GPG passphrase used during backup process.
Or
- GPG home directory `/config/gnupg`
- Cipher algorithm `aes256`
{: .note }
The backup encrypted using `GPG passphrase` method can be restored automatically, no need to decrypt it before restoration.
To decrypt manually, you need to install `gnupg`
@@ -27,7 +29,10 @@ gpg --batch --passphrase "my-passphrase" \
--output database_20240730_044201.sql.gz \
--decrypt database_20240730_044201.sql.gz.gpg
```
Using your private key
```shell
gpg --output database_20240730_044201.sql.gz --decrypt database_20240730_044201.sql.gz.gpg
```
### Backup
```yml
@@ -56,4 +61,3 @@ services:
networks:
web:
```
## Using GPG public key