From f931dd939cd5109906399bd470497c9831e5d2f7 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sun, 15 Nov 2020 19:43:33 +0100 Subject: [PATCH] Add cryptography to consul backup --- app/build/backup-consul/Dockerfile | 7 +++++++ app/build/backup-consul/do_backup.sh | 7 ++++--- app/deployment/backup.hcl | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile index ff052bf..0a5c38f 100644 --- a/app/build/backup-consul/Dockerfile +++ b/app/build/backup-consul/Dockerfile @@ -1,5 +1,12 @@ +FROM golang:buster as builder + +WORKDIR /root +RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age . + FROM amd64/debian:buster +COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age + RUN apt-get update && \ apt-get -qq -y full-upgrade && \ apt-get install -y rsync wget openssh-client unzip && \ diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh index 049c998..4dbae2a 100755 --- a/app/build/backup-consul/do_backup.sh +++ b/app/build/backup-consul/do_backup.sh @@ -13,7 +13,8 @@ Host backuphost User $TARGET_SSH_USER EOF -consul kv export > consul_kv_dump.json -gzip consul_kv_dump.json +consul kv export | \ + gzip | \ + age -r "$(cat /root/.ssh/id_ed25519.pub)" | \ + ssh backuphost "cat > $TARGET_SSH_DIR/consul/consul_kv_export.gz.age" -rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/" diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl index 8b5162c..d0c3fc8 100644 --- a/app/deployment/backup.hcl +++ b/app/deployment/backup.hcl @@ -15,7 +15,7 @@ job "backup_periodic" { driver = "docker" config { - image = "lxpz/backup_consul:9" + image = "lxpz/backup_consul:11" volumes = [ "secrets/id_ed25519:/root/.ssh/id_ed25519", "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",