Skip to content

Commit d053fcd

Browse files
benderlbenderl
committed
optionally encrypt backup file
1 parent 4a0b66d commit d053fcd

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

runs/backup.sh

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ TEMPDIR=$(mktemp -d --tmpdir openwb_backup_XXXXXX)
99
LOGDIR="$OPENWBBASEDIR/data/log"
1010
LOGFILE="$LOGDIR/backup.log"
1111
HOMEDIR="/home/openwb"
12+
KEYFILE="backup.key"
1213
VAR_LIB="/var/lib"
1314

1415
# Mosquitto DB files to monitor
@@ -245,6 +246,20 @@ create_archive() {
245246
gzip --verbose --suffix "$FILENAMESUFFIX" "$BACKUPFILE"
246247
}
247248

249+
encrypt_backup() {
250+
# encrypt backup file with gpg
251+
if [[ -f "$HOMEDIR/$KEYFILE" ]]; then
252+
echo "encrypting backup file"
253+
gpg --batch --yes --passphrase-file "$HOMEDIR/$KEYFILE" \
254+
--symmetric --cipher-algo AES256 "$BACKUPFILE$FILENAMESUFFIX"
255+
echo "removing unencrypted backup file"
256+
rm -v "$BACKUPFILE$FILENAMESUFFIX"
257+
FILENAMESUFFIX="$FILENAMESUFFIX.gpg"
258+
else
259+
echo "No key found at '$HOMEDIR/$KEYFILE', skipping encryption!"
260+
fi
261+
}
262+
248263
fix_permissions() {
249264
echo "setting permissions of new backup file"
250265
sudo chown openwb:www-data "$BACKUPFILE$FILENAMESUFFIX"
@@ -254,6 +269,7 @@ create_archive() {
254269
create_backup
255270
calculate_checksums
256271
cleanup_and_compress
272+
encrypt_backup
257273
fix_permissions
258274
}
259275

0 commit comments

Comments
 (0)