Add cryptography to consul backup

This commit is contained in:
Alex 2020-11-15 19:43:33 +01:00
parent e2a0c40e6b
commit f931dd939c
3 changed files with 12 additions and 4 deletions

View file

@ -1,5 +1,12 @@
FROM golang:buster as builder
WORKDIR /root
RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
FROM amd64/debian:buster
COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
RUN apt-get update && \
apt-get -qq -y full-upgrade && \
apt-get install -y rsync wget openssh-client unzip && \

View file

@ -13,7 +13,8 @@ Host backuphost
User $TARGET_SSH_USER
EOF
consul kv export > consul_kv_dump.json
gzip consul_kv_dump.json
consul kv export | \
gzip | \
age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
ssh backuphost "cat > $TARGET_SSH_DIR/consul/consul_kv_export.gz.age"
rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"

View file

@ -15,7 +15,7 @@ job "backup_periodic" {
driver = "docker"
config {
image = "lxpz/backup_consul:9"
image = "lxpz/backup_consul:11"
volumes = [
"secrets/id_ed25519:/root/.ssh/id_ed25519",
"secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",