Add cryptography to consul backup

app/build/backup-consul/Dockerfile

@@ -1,5 +1,12 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
 FROM amd64/debian:buster
 
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
 RUN apt-get update && \
 	apt-get -qq -y full-upgrade && \
 	apt-get install -y rsync wget openssh-client unzip && \

app/build/backup-consul/do_backup.sh

@@ -13,7 +13,8 @@ Host backuphost
 	User $TARGET_SSH_USER
 EOF
 
-consul kv export > consul_kv_dump.json
+consul kv export | \
-gzip consul_kv_dump.json
+	gzip | \
+	age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+	ssh backuphost "cat > $TARGET_SSH_DIR/consul/consul_kv_export.gz.age"
 
-rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"

app/deployment/backup.hcl

@@ -15,7 +15,7 @@ job "backup_periodic" {
 		driver = "docker"
 
 			config {
-				image = "lxpz/backup_consul:9"
+				image = "lxpz/backup_consul:11"
 				volumes = [
 					"secrets/id_ed25519:/root/.ssh/id_ed25519",
 					"secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",