Backup Maker
NOTICE: Sadly, we no longer have power to maintain Backup Repository ecosystem as it grew up pretty big and we are not a full-time employeed development team. Feel free to maintain a fork.
Tiny backup client packed in a single binary. Interacts with a Backup Repository server to store files, uses GPG to secure your
backups even against the server administrator.
Features:
- Captures output from user-defined Backup/Restore commands
- Automated, optional GPG support enables easy to use E2E encryption
- Buffered upload of backup made on-the-fly requires no additional disk space to create backup
- Small, single binary, can be injected into container or distributed as a lightweight container
Notice: You need to have backup of your encryption private key. Lost encryption key means your backups are unreadable!
Usage
Getting backup-maker
Take a look at releases tab and pick a version suitable for your platform. We support Unix-like platforms, there is no support for Windows.
You can use eget as a 'package manager' to install backup-maker
# for pre-release
eget --pre-release riotkit-org/br-backup-maker --to /usr/local/bin/backup-maker
# for latest stable release
eget riotkit-org/br-backup-maker --to /usr/local/bin/backup-makerCreating backup
# most of commandline switches can be replaced with environment variables, check the table in other section of documentation
export BM_AUTH_TOKEN="some-token"; \
export BM_COLLECTION_ID="111-222-333-444"; \
export BM_PASSPHRASE="riotkit"; \
backup-maker make --url https://example.org \
-c "tar -zcvf - ./" \
--key build/test/backup.key \
--log-level infoRestoring a backup
# commandline switches could be there also replaced with environment variables
backup-maker restore --url $$(cat .build/test/domain.txt) \
-i $$(cat .build/test/collection-id.txt) \
-t $$(cat .build/test/auth-token.txt) \
-c "cat - > /tmp/test" \
--private-key .build/test/backup.key \
--passphrase riotkit \
--log-level debugBackup - How it works?
This list of steps includes only steps that are done inside Backup Maker, to understand whole flow
please take a look at Backup Controller documentation.
Note: GPG steps are optional
gpgkeys are loaded- Command specified in
--cmdor in-cis executed - Result of the command, it's stdout is transferred to the
gpgprocess - From
gpgprocess the encoded data is buffered directly to the server - Feedback is returned
Restore - How it works?
It is very similar as in backup operation.
gpgkeys are loaded- Command specified in
--cmdor in-cis executed gpgprocess is started- Backup download is starting
- Backup is transmitted on the fly from server to
gpg-> our shell command - Our shell
--cmd/-ccommand is taking stdin and performing a restore action - Feedback is returned
Automated procedures
Our suggested approach is to maintain a community-driven repository of automation scripts templates together with a tool that generates Backup & Restore procedures. Those procedures could be easily understood and be customized by the user.
Documentation for 'bmg' (Backup Maker procedure Generator)
Hints
- Skip
--private-keyand--passphraseto disable GPG - Use
debuglog level to see GPG output and more verbose output at all - Increase encryption/decryption performance by disabling armoring
Proposed usage
Scenario 1: Standalone binary running from crontab
Just schedule a cronjob that would trigger backup-maker make with proper switches. Create a helper script to easily restore backup as a part
of a disaster recovery plan.
Scenario 2: Dockerized applications, keep it inside application container
Pack backup-maker into docker image and trigger backups from internal or external crontab, jobber or other scheduler.
Scenario 3: Kubernetes usage with plain kind: Crojob resources
Use bmg to generate Kubernetes resources that could be applied to cluster with kubectl or added to repository and applied by FluxCD or ArgoCD.
Scenario 4: Kubernetes usage with Argo Workflows or Tekton
Create a definition of an Argo Workflow or Tekton Pipeline that will spawn a Kubernetes job with defined token, collection id, command, GPG key.
Scenario 5: Kubernetes usage with a dedicated controller - Backup Maker Controller (RECOMMENDED FOR KUBERNETES)
Use CRD's to configure Backup & Restore procedures in your cluster. Store CRD's in a git repository and use ArgoCD or FluxCD for synchronization.
Environment variables
Environment variables are optional, if present will cover values of appropriate commandline switches.
| Type | Name | Description |
|---|---|---|
| path | BM_PUBLIC_KEY_PATH | Path to the public key used for encryption |
| string | BM_CMD | Command used to encrypt or decrypt (depends on context) |
| string | BM_PASSPHRASE | Passphrase for the GPG key |
| string | BM_VERSION | Version to restore (defaults to "latest"), e.g. v1 |
| BM_RECIPIENT | E-mail address of GPG recipient key | |
| url | BM_URL | Backup Repository URL address e.g. https://example.org |
| uuidv4 | BM_COLLECTION_ID | Existing collection ID |
| jwt | BM_AUTH_TOKEN | JSON Web Token generated in Backup Repository that allows to write to given collection id |
| integer | BM_TIMEOUT | Connection and read timeouts in seconds |
| path | BM_PRIVATE_KEY_PATH | GPG private key used to decrypt backup |