From f931dd939cd5109906399bd470497c9831e5d2f7 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 15 Nov 2020 19:43:33 +0100
Subject: Add cryptography to consul backup

---
 app/build/backup-consul/Dockerfile   | 7 +++++++
 app/build/backup-consul/do_backup.sh | 7 ++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'app/build/backup-consul')

diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile
index ff052bf..0a5c38f 100644
--- a/app/build/backup-consul/Dockerfile
+++ b/app/build/backup-consul/Dockerfile
@@ -1,5 +1,12 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
 FROM amd64/debian:buster
 
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
 RUN apt-get update && \
 	apt-get -qq -y full-upgrade && \
 	apt-get install -y rsync wget openssh-client unzip && \
diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh
index 049c998..4dbae2a 100755
--- a/app/build/backup-consul/do_backup.sh
+++ b/app/build/backup-consul/do_backup.sh
@@ -13,7 +13,8 @@ Host backuphost
 	User $TARGET_SSH_USER
 EOF
 
-consul kv export > consul_kv_dump.json
-gzip consul_kv_dump.json
+consul kv export | \
+	gzip | \
+	age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+	ssh backuphost "cat > $TARGET_SSH_DIR/consul/consul_kv_export.gz.age"
 
-rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"
-- 
cgit v1.2.3