UUXO/dbbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 28 Wiki Activity
Files
c620860de3037a4ad4baa5e05cf05914111ba359
dbbackup/internal/backup
History
Renz c620860de3 feat: Phase 4 Tasks 3-4 - CLI encryption integration 
Integrated encryption into backup workflow:

cmd/encryption.go:
- loadEncryptionKey() - loads from file or env var
- Supports base64-encoded keys (32 bytes)
- Supports raw 32-byte keys
- Supports passphrases (PBKDF2 derivation)
- Priority: --encryption-key-file > DBBACKUP_ENCRYPTION_KEY

cmd/backup_impl.go:
- encryptLatestBackup() - finds and encrypts single backups
- encryptLatestClusterBackup() - encrypts cluster backups
- findLatestBackup() - locates most recent backup file
- findLatestClusterBackup() - locates cluster backup
- Encryption applied after successful backup
- Integrated into all backup modes (cluster, single, sample)

internal/backup/encryption.go:
- EncryptBackupFile() - encrypts backup in-place
- DecryptBackupFile() - decrypts to new file
- IsBackupEncrypted() - checks metadata/file format
- Updates .meta.json with encryption info
- Replaces original with encrypted version

internal/metadata/metadata.go:
- Added Encrypted bool field
- Added EncryptionAlgorithm string field
- Tracks encryption status in backup metadata

internal/metadata/save.go:
- Helper to save BackupMetadata to .meta.json

tests/encryption_smoke_test.sh:
- Basic smoke test for encryption/decryption
- Verifies data integrity
- Tests with env var key source

CLI Flags (already existed):
--encrypt                      Enable encryption
--encryption-key-file PATH     Key file path
--encryption-key-env VAR       Env var name (default: DBBACKUP_ENCRYPTION_KEY)

Usage Examples:
  # Encrypt with key file
  ./dbbackup backup single mydb --encrypt --encryption-key-file /path/to/key

  # Encrypt with env var
  export DBBACKUP_ENCRYPTION_KEY="base64_encoded_key"
  ./dbbackup backup single mydb --encrypt

  # Cluster backup with encryption
  ./dbbackup backup cluster --encrypt --encryption-key-file key.txt

Features:
 Post-backup encryption (doesn't slow down backup itself)
 In-place encryption (overwrites original)
 Metadata tracking (encrypted flag)
 Multiple key sources (file/env/passphrase)
 Base64 and raw key support
 PBKDF2 for passphrases
 Automatic latest backup detection
 Works with all backup modes

Status: ENCRYPTION FULLY INTEGRATED 
Next: Task 5 - Restore decryption integration
2025-11-26 07:54:25 +00:00
..
encryption.go
feat: Phase 4 Tasks 3-4 - CLI encryption integration
2025-11-26 07:54:25 +00:00
engine.go
feat: v2.0 Sprint 2 - Auto-Upload to Cloud (Part 2)
2025-11-25 19:44:52 +00:00
incremental_extract.go
feat: Step 6 - Implement RestoreIncremental() for PostgreSQL
2025-11-26 07:04:34 +00:00
incremental_postgres.go
feat: Step 6 - Implement RestoreIncremental() for PostgreSQL
2025-11-26 07:04:34 +00:00
incremental_tar.go
feat: Step 5 - Implement CreateIncrementalBackup() for PostgreSQL
2025-11-26 06:51:32 +00:00
incremental_test.go
feat: Step 7 - Write integration tests for incremental backups
2025-11-26 07:11:01 +00:00
incremental.go
feat: Phase 3A - Incremental backup scaffolding (types, interfaces, metadata)
2025-11-26 06:22:54 +00:00