UUXO/dbbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 30 Wiki Activity
Files
0baf741c0b5925adea87836242335248184b700e
dbbackup/tests/encryption_smoke_test.sh
Renz c620860de3 feat: Phase 4 Tasks 3-4 - CLI encryption integration 
Integrated encryption into backup workflow:

cmd/encryption.go:
- loadEncryptionKey() - loads from file or env var
- Supports base64-encoded keys (32 bytes)
- Supports raw 32-byte keys
- Supports passphrases (PBKDF2 derivation)
- Priority: --encryption-key-file > DBBACKUP_ENCRYPTION_KEY

cmd/backup_impl.go:
- encryptLatestBackup() - finds and encrypts single backups
- encryptLatestClusterBackup() - encrypts cluster backups
- findLatestBackup() - locates most recent backup file
- findLatestClusterBackup() - locates cluster backup
- Encryption applied after successful backup
- Integrated into all backup modes (cluster, single, sample)

internal/backup/encryption.go:
- EncryptBackupFile() - encrypts backup in-place
- DecryptBackupFile() - decrypts to new file
- IsBackupEncrypted() - checks metadata/file format
- Updates .meta.json with encryption info
- Replaces original with encrypted version

internal/metadata/metadata.go:
- Added Encrypted bool field
- Added EncryptionAlgorithm string field
- Tracks encryption status in backup metadata

internal/metadata/save.go:
- Helper to save BackupMetadata to .meta.json

tests/encryption_smoke_test.sh:
- Basic smoke test for encryption/decryption
- Verifies data integrity
- Tests with env var key source

CLI Flags (already existed):
--encrypt                      Enable encryption
--encryption-key-file PATH     Key file path
--encryption-key-env VAR       Env var name (default: DBBACKUP_ENCRYPTION_KEY)

Usage Examples:
  # Encrypt with key file
  ./dbbackup backup single mydb --encrypt --encryption-key-file /path/to/key

  # Encrypt with env var
  export DBBACKUP_ENCRYPTION_KEY="base64_encoded_key"
  ./dbbackup backup single mydb --encrypt

  # Cluster backup with encryption
  ./dbbackup backup cluster --encrypt --encryption-key-file key.txt

Features:
 Post-backup encryption (doesn't slow down backup itself)
 In-place encryption (overwrites original)
 Metadata tracking (encrypted flag)
 Multiple key sources (file/env/passphrase)
 Base64 and raw key support
 PBKDF2 for passphrases
 Automatic latest backup detection
 Works with all backup modes

Status: ENCRYPTION FULLY INTEGRATED 
Next: Task 5 - Restore decryption integration
2025-11-26 07:54:25 +00:00

121 lines
2.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Quick smoke test for encryption feature
set -e
echo "==================================="
echo "Encryption Feature Smoke Test"
echo "==================================="
echo
# Setup
TEST_DIR="/tmp/dbbackup_encrypt_test_$$"
mkdir -p "$TEST_DIR"
cd "$TEST_DIR"
# Generate test key
echo "Step 1: Generate test key..."
echo "test-encryption-key-32bytes!!" > key.txt
KEY_BASE64=$(base64 -w 0 < key.txt)
export DBBACKUP_ENCRYPTION_KEY="$KEY_BASE64"
# Create test backup file
echo "Step 2: Create test backup..."
echo "This is test backup data for encryption testing." > test_backup.dump
echo "It contains multiple lines to ensure proper encryption." >> test_backup.dump
echo "$(date)" >> test_backup.dump
# Create metadata
cat > test_backup.dump.meta.json <<EOF
{
"version": "2.3.0",
"timestamp": "$(date -Iseconds)",
"database": "testdb",
"database_type": "postgresql",
"backup_file": "$TEST_DIR/test_backup.dump",
"size_bytes": $(stat -c%s test_backup.dump),
"sha256": "test",
"compression": "none",
"backup_type": "full",
"encrypted": false
}
EOF
echo "Original backup size: $(stat -c%s test_backup.dump) bytes"
echo "Original content hash: $(md5sum test_backup.dump | cut -d' ' -f1)"
echo
# Test encryption via Go code
echo "Step 3: Test encryption..."
cat > encrypt_test.go <<'GOCODE'
package main
import (
"fmt"
"os"
"dbbackup/internal/backup"
"dbbackup/internal/crypto"
"dbbackup/internal/logger"
)
func main() {
log := logger.New("info", "text")
// Load key from env
keyB64 := os.Getenv("DBBACKUP_ENCRYPTION_KEY")
if keyB64 == "" {
fmt.Println("ERROR: DBBACKUP_ENCRYPTION_KEY not set")
os.Exit(1)
}
// Derive key
salt, _ := crypto.GenerateSalt()
key := crypto.DeriveKey([]byte(keyB64), salt)
// Encrypt
if err := backup.EncryptBackupFile("test_backup.dump", key, log); err != nil {
fmt.Printf("ERROR: Encryption failed: %v\n", err)
os.Exit(1)
}
fmt.Println("✅ Encryption successful")
// Decrypt
if err := backup.DecryptBackupFile("test_backup.dump", "test_backup_decrypted.dump", key, log); err != nil {
fmt.Printf("ERROR: Decryption failed: %v\n", err)
os.Exit(1)
}
fmt.Println("✅ Decryption successful")
}
GOCODE
# Temporarily copy go.mod
cp /root/dbbackup/go.mod .
cp /root/dbbackup/go.sum . 2>/dev/null || true
# Run encryption test
echo "Running Go encryption test..."
go run encrypt_test.go
echo
# Verify decrypted content
echo "Step 4: Verify decrypted content..."
if diff -q test_backup_decrypted.dump <(echo "This is test backup data for encryption testing."; echo "It contains multiple lines to ensure proper encryption.") >/dev/null 2>&1; then
echo "✅ Content verification: PASS (decrypted matches original - first 2 lines)"
else
echo "❌ Content verification: FAIL"
echo "Expected first 2 lines to match"
exit 1
fi
echo
echo "==================================="
echo "✅ All encryption tests PASSED"
echo "==================================="
# Cleanup
cd /
rm -rf "$TEST_DIR"
Reference in New Issue View Git Blame Copy Permalink