feat: add encrypt backup using public key, migrate gpg to go gpg dependency

2025-12-06 05:29:41 +01:00 · 2024-10-08 23:02:46 +02:00
parent dabba2050a
commit fe05fe5110
10 changed files with 357 additions and 105 deletions
--- a/pkg/backup.go
+++ b/pkg/backup.go
@@ -64,7 +64,8 @@ func scheduledMode(db *dbConfig, config *BackupConfig) {
 	select {}
 }
 func BackupTask(db *dbConfig, config *BackupConfig) {
-	//Generate backup file name
+	utils.Info("Starting backup task...")
+	//Generate file name
 	backupFileName := fmt.Sprintf("%s_%s.sql.gz", db.dbName, time.Now().Format("20060102_150405"))
 	if config.disableCompression {
 		backupFileName = fmt.Sprintf("%s_%s.sql", db.dbName, time.Now().Format("20060102_150405"))
@@ -79,6 +80,7 @@ func BackupTask(db *dbConfig, config *BackupConfig) {
 		sshBackup(db, config)
 	case "ftp", "FTP":
 		ftpBackup(db, config)
+		//utils.Fatal("Not supported storage type: %s", config.storage)
 	default:
 		localBackup(db, config)
 	}
@@ -86,24 +88,20 @@ func BackupTask(db *dbConfig, config *BackupConfig) {

 // BackupDatabase backup database
 func BackupDatabase(db *dbConfig, backupFileName string, disableCompression bool) {
+
 	storagePath = os.Getenv("STORAGE_PATH")

-	err := utils.CheckEnvVars(dbHVars)
-	if err != nil {
-		utils.Error("Please make sure all required environment variables for database are set")
-		utils.Fatal("Error checking environment variables: %s", err)
-	}
-
 	utils.Info("Starting database backup...")
-	err = os.Setenv("MYSQL_PWD", db.dbPassword)
+
+	err := os.Setenv("PGPASSWORD", db.dbPassword)
 	if err != nil {
 		return
 	}
 	testDatabaseConnection(db)
-
 	// Backup Database database
 	utils.Info("Backing up database...")

+	// Verify is compression is disabled
 	if disableCompression {
 		// Execute mysqldump
 		cmd := exec.Command("mysqldump",
@@ -160,9 +158,10 @@ func localBackup(db *dbConfig, config *BackupConfig) {
 	BackupDatabase(db, config.backupFileName, disableCompression)
 	finalFileName := config.backupFileName
 	if config.encryption {
-		encryptBackup(config.backupFileName, config.passphrase)
+		encryptBackup(config)
 		finalFileName = fmt.Sprintf("%s.%s", config.backupFileName, gpgExtension)
 	}
+
 	utils.Info("Backup name is %s", finalFileName)
 	moveToBackup(finalFileName, storagePath)
 	//Send notification
@@ -183,14 +182,15 @@ func s3Backup(db *dbConfig, config *BackupConfig) {
 	BackupDatabase(db, config.backupFileName, disableCompression)
 	finalFileName := config.backupFileName
 	if config.encryption {
-		encryptBackup(config.backupFileName, config.passphrase)
+		encryptBackup(config)
 		finalFileName = fmt.Sprintf("%s.%s", config.backupFileName, "gpg")
 	}
 	utils.Info("Uploading backup archive to remote storage S3 ... ")
+
 	utils.Info("Backup name is %s", finalFileName)
 	err := UploadFileToS3(tmpPath, finalFileName, bucket, s3Path)
 	if err != nil {
-		utils.Fatal("Error uploading file to S3: %s ", err)
+		utils.Fatal("Error uploading backup archive to S3: %s ", err)

 	}

@@ -213,15 +213,13 @@ func s3Backup(db *dbConfig, config *BackupConfig) {
 	//Delete temp
 	deleteTemp()
 }
-
-// sshBackup backup database to SSH remote server
 func sshBackup(db *dbConfig, config *BackupConfig) {
 	utils.Info("Backup database to Remote server")
 	//Backup database
 	BackupDatabase(db, config.backupFileName, disableCompression)
 	finalFileName := config.backupFileName
 	if config.encryption {
-		encryptBackup(config.backupFileName, config.passphrase)
+		encryptBackup(config)
 		finalFileName = fmt.Sprintf("%s.%s", config.backupFileName, "gpg")
 	}
 	utils.Info("Uploading backup archive to remote storage ... ")
@@ -235,7 +233,7 @@ func sshBackup(db *dbConfig, config *BackupConfig) {
 	//Delete backup file from tmp folder
 	err = utils.DeleteFile(filepath.Join(tmpPath, finalFileName))
 	if err != nil {
-		fmt.Println("Error deleting file: ", err)
+		utils.Error("Error deleting file: %v", err)

 	}
 	if config.prune {
@@ -256,7 +254,7 @@ func ftpBackup(db *dbConfig, config *BackupConfig) {
 	BackupDatabase(db, config.backupFileName, disableCompression)
 	finalFileName := config.backupFileName
 	if config.encryption {
-		encryptBackup(config.backupFileName, config.passphrase)
+		encryptBackup(config)
 		finalFileName = fmt.Sprintf("%s.%s", config.backupFileName, "gpg")
 	}
 	utils.Info("Uploading backup archive to the remote FTP server ... ")
@@ -286,11 +284,18 @@ func ftpBackup(db *dbConfig, config *BackupConfig) {
 	deleteTemp()
 }

-// encryptBackup encrypt backup
-func encryptBackup(backupFileName, passphrase string) {
-	err := Encrypt(filepath.Join(tmpPath, backupFileName), passphrase)
-	if err != nil {
-		utils.Fatal("Error during encrypting backup %s", err)
+func encryptBackup(config *BackupConfig) {
+	if config.usingKey {
+		err := encryptWithGPGPublicKey(filepath.Join(tmpPath, config.backupFileName), config.publicKey)
+		if err != nil {
+			utils.Fatal("error during encrypting backup %v", err)
+		}
+	} else if config.passphrase != "" {
+		err := encryptWithGPG(filepath.Join(tmpPath, config.backupFileName), config.passphrase)
+		if err != nil {
+			utils.Fatal("error during encrypting backup %v", err)
+		}
+
 	}

 }
--- a/pkg/config.go
+++ b/pkg/config.go
@@ -40,9 +40,11 @@ type BackupConfig struct {
 	backupRetention    int
 	disableCompression bool
 	prune              bool
-	encryption         bool
 	remotePath         string
+	encryption         bool
+	usingKey           bool
 	passphrase         string
+	publicKey          string
 	storage            string
 	cronExpression     string
 }
@@ -163,10 +165,14 @@ func initBackupConfig(cmd *cobra.Command) *BackupConfig {
 	_ = utils.GetEnv(cmd, "path", "AWS_S3_PATH")
 	cronExpression := os.Getenv("BACKUP_CRON_EXPRESSION")

-	if passphrase != "" {
+	publicKeyFile, err := checkPubKeyFile(os.Getenv("GPG_PUBLIC_KEY"))
+	if err == nil {
 		encryption = true
+		usingKey = true
+	} else if passphrase != "" {
+		encryption = true
+		usingKey = false
 	}
-
 	//Initialize backup configs
 	config := BackupConfig{}
 	config.backupRetention = backupRetention
@@ -176,17 +182,21 @@ func initBackupConfig(cmd *cobra.Command) *BackupConfig {
 	config.encryption = encryption
 	config.remotePath = remotePath
 	config.passphrase = passphrase
+	config.publicKey = publicKeyFile
+	config.usingKey = usingKey
 	config.cronExpression = cronExpression
 	return &config
 }

 type RestoreConfig struct {
-	s3Path        string
-	remotePath    string
-	storage       string
-	file          string
-	bucket        string
-	gpqPassphrase string
+	s3Path     string
+	remotePath string
+	storage    string
+	file       string
+	bucket     string
+	usingKey   bool
+	passphrase string
+	privateKey string
 }

 func initRestoreConfig(cmd *cobra.Command) *RestoreConfig {
@@ -199,7 +209,14 @@ func initRestoreConfig(cmd *cobra.Command) *RestoreConfig {
 	storage = utils.GetEnv(cmd, "storage", "STORAGE")
 	file = utils.GetEnv(cmd, "file", "FILE_NAME")
 	bucket := utils.GetEnvVariable("AWS_S3_BUCKET_NAME", "BUCKET_NAME")
-	gpqPassphrase := os.Getenv("GPG_PASSPHRASE")
+	passphrase := os.Getenv("GPG_PASSPHRASE")
+	privateKeyFile, err := checkPrKeyFile(os.Getenv("GPG_PRIVATE_KEY"))
+	if err == nil {
+		usingKey = true
+	} else if passphrase != "" {
+		usingKey = false
+	}
+
 	//Initialize restore configs
 	rConfig := RestoreConfig{}
 	rConfig.s3Path = s3Path
@@ -208,7 +225,9 @@ func initRestoreConfig(cmd *cobra.Command) *RestoreConfig {
 	rConfig.bucket = bucket
 	rConfig.file = file
 	rConfig.storage = storage
-	rConfig.gpqPassphrase = gpqPassphrase
+	rConfig.passphrase = passphrase
+	rConfig.usingKey = usingKey
+	rConfig.privateKey = privateKeyFile
 	return &rConfig
 }
 func initTargetDbConfig() *targetDbConfig {
--- a/pkg/encrypt.go
+++ b/pkg/encrypt.go
@@ -7,54 +7,173 @@
 package pkg

 import (
+	"errors"
+	"fmt"
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/jkaninda/mysql-bkup/utils"
 	"os"
-	"os/exec"
 	"strings"
 )

-func Decrypt(inputFile string, passphrase string) error {
-	utils.Info("Decrypting backup file: " + inputFile + " ...")
-	//Create gpg home dir
-	err := utils.MakeDirAll(gpgHome)
+// decryptWithGPG decrypts backup file using a passphrase
+func decryptWithGPG(inputFile string, passphrase string) error {
+	utils.Info("Decrypting backup using passphrase...")
+	// Read the encrypted file
+	encFileContent, err := os.ReadFile(inputFile)
 	if err != nil {
-		return err
+		return errors.New(fmt.Sprintf("Error reading encrypted file: %s", err))
 	}
-	utils.SetEnv("GNUPGHOME", gpgHome)
-	cmd := exec.Command("gpg", "--batch", "--passphrase", passphrase, "--output", RemoveLastExtension(inputFile), "--decrypt", inputFile)
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-
-	err = cmd.Run()
+	// Define the passphrase used to encrypt the file
+	_passphrase := []byte(passphrase)
+	// Create a PGP message object from the encrypted file content
+	encryptedMessage := crypto.NewPGPMessage(encFileContent)
+	// Decrypt the message using the passphrase
+	plainMessage, err := crypto.DecryptMessageWithPassword(encryptedMessage, _passphrase)
 	if err != nil {
-		return err
+		return errors.New(fmt.Sprintf("Error decrypting file: %s", err))
 	}

+	// Save the decrypted file (restore it)
+	err = os.WriteFile(RemoveLastExtension(inputFile), plainMessage.GetBinary(), 0644)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error saving decrypted file: %s", err))
+	}
+	utils.Info("Decrypting backup using passphrase...done")
 	utils.Info("Backup file decrypted successful!")
 	return nil
 }

-func Encrypt(inputFile string, passphrase string) error {
-	utils.Info("Encrypting backup...")
-	//Create gpg home dir
-	err := utils.MakeDirAll(gpgHome)
+// encryptWithGPG encrypts backup using a passphrase
+func encryptWithGPG(inputFile string, passphrase string) error {
+	utils.Info("Encrypting backup using passphrase...")
+	// Read the file to be encrypted
+	plainFileContent, err := os.ReadFile(inputFile)
 	if err != nil {
-		return err
+		return errors.New(fmt.Sprintf("Error reading file: %s", err))
 	}
-	utils.SetEnv("GNUPGHOME", gpgHome)
-	cmd := exec.Command("gpg", "--batch", "--passphrase", passphrase, "--symmetric", "--cipher-algo", algorithm, inputFile)
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
+	// Define the passphrase to encrypt the file
+	_passphrase := []byte(passphrase)

-	err = cmd.Run()
+	// Create a message object from the file content
+	message := crypto.NewPlainMessage(plainFileContent)
+	// Encrypt the message using the passphrase
+	encryptedMessage, err := crypto.EncryptMessageWithPassword(message, _passphrase)
 	if err != nil {
-		return err
+		return errors.New(fmt.Sprintf("Error encrypting backup file: %s", err))
 	}
-
+	// Save the encrypted .tar file
+	err = os.WriteFile(fmt.Sprintf("%s.%s", inputFile, gpgExtension), encryptedMessage.GetBinary(), 0644)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error saving encrypted filee: %s", err))
+	}
+	utils.Info("Encrypting backup using passphrase...done")
 	utils.Info("Backup file encrypted successful!")
 	return nil
 }

+// encryptWithGPGPublicKey encrypts backup using a public key
+func encryptWithGPGPublicKey(inputFile string, publicKey string) error {
+	utils.Info("Encrypting backup using public key...")
+	// Read the public key
+	pubKeyBytes, err := os.ReadFile(publicKey)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error reading public key: %s", err))
+	}
+	// Create a new keyring with the public key
+	publicKeyObj, err := crypto.NewKeyFromArmored(string(pubKeyBytes))
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error parsing public key: %s", err))
+	}
+
+	keyRing, err := crypto.NewKeyRing(publicKeyObj)
+	if err != nil {
+
+		return errors.New(fmt.Sprintf("Error creating key ring: %v", err))
+	}
+
+	// Read the file to encryptWithGPGPublicKey
+	fileContent, err := os.ReadFile(inputFile)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error reading file: %v", err))
+	}
+
+	// encryptWithGPG the file
+	message := crypto.NewPlainMessage(fileContent)
+	encMessage, err := keyRing.Encrypt(message, nil)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error encrypting file: %v", err))
+	}
+
+	// Save the encrypted file
+	err = os.WriteFile(fmt.Sprintf("%s.%s", inputFile, gpgExtension), encMessage.GetBinary(), 0644)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error saving encrypted file: %v", err))
+	}
+	utils.Info("Encrypting backup using public key...done")
+	utils.Info("Backup file encrypted successful!")
+	return nil
+
+}
+
+// decryptWithGPGPrivateKey decrypts backup file using a private key and passphrase.
+// privateKey GPG private key
+// passphrase GPG passphrase
+func decryptWithGPGPrivateKey(inputFile, privateKey, passphrase string) error {
+	utils.Info("Encrypting backup using private key...")
+
+	// Read the private key
+	priKeyBytes, err := os.ReadFile(privateKey)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error reading private key: %s", err))
+	}
+
+	// Read the password for the private key (if it’s password-protected)
+	password := []byte(passphrase)
+
+	// Create a key object from the armored private key
+	privateKeyObj, err := crypto.NewKeyFromArmored(string(priKeyBytes))
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error parsing private key: %s", err))
+	}
+
+	// Unlock the private key with the password
+	if passphrase != "" {
+		// Unlock the private key with the password
+		_, err = privateKeyObj.Unlock(password)
+		if err != nil {
+			return errors.New(fmt.Sprintf("Error unlocking private key: %s", err))
+		}
+
+	}
+
+	// Create a new keyring with the private key
+	keyRing, err := crypto.NewKeyRing(privateKeyObj)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error creating key ring: %v", err))
+	}
+
+	// Read the encrypted file
+	encFileContent, err := os.ReadFile(inputFile)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error reading encrypted file: %s", err))
+	}
+
+	// decryptWithGPG the file
+	encryptedMessage := crypto.NewPGPMessage(encFileContent)
+	message, err := keyRing.Decrypt(encryptedMessage, nil, 0)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error decrypting file: %s", err))
+	}
+
+	// Save the decrypted file
+	err = os.WriteFile(RemoveLastExtension(inputFile), message.GetBinary(), 0644)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error saving decrypted file: %s", err))
+	}
+	utils.Info("Encrypting backup using public key...done")
+	fmt.Println("File successfully decrypted!")
+	return nil
+}
 func RemoveLastExtension(filename string) string {
 	if idx := strings.LastIndex(filename, "."); idx != -1 {
 		return filename[:idx]
--- a/pkg/helper.go
+++ b/pkg/helper.go
@@ -129,3 +129,45 @@ func intro() {
 	utils.Info("Starting MySQL Backup...")
 	utils.Info("Copyright (c) 2024 Jonas Kaninda ")
 }
+func checkPubKeyFile(pubKey string) (string, error) {
+	// Define possible key file names
+	keyFiles := []string{filepath.Join(gpgHome, "public_key.asc"), filepath.Join(gpgHome, "public_key.gpg"), pubKey}
+
+	// Loop through key file names and check if they exist
+	for _, keyFile := range keyFiles {
+		if _, err := os.Stat(keyFile); err == nil {
+			// File exists
+			return keyFile, nil
+		} else if os.IsNotExist(err) {
+			// File does not exist, continue to the next one
+			continue
+		} else {
+			// An unexpected error occurred
+			return "", err
+		}
+	}
+
+	// Return an error if neither file exists
+	return "", fmt.Errorf("no public key file found")
+}
+func checkPrKeyFile(prKey string) (string, error) {
+	// Define possible key file names
+	keyFiles := []string{filepath.Join(gpgHome, "private_key.asc"), filepath.Join(gpgHome, "private_key.gpg"), prKey}
+
+	// Loop through key file names and check if they exist
+	for _, keyFile := range keyFiles {
+		if _, err := os.Stat(keyFile); err == nil {
+			// File exists
+			return keyFile, nil
+		} else if os.IsNotExist(err) {
+			// File does not exist, continue to the next one
+			continue
+		} else {
+			// An unexpected error occurred
+			return "", err
+		}
+	}
+
+	// Return an error if neither file exists
+	return "", fmt.Errorf("no public key file found")
+}
--- a/pkg/migrate.go
+++ b/pkg/migrate.go
@@ -30,11 +30,13 @@ func StartMigration(cmd *cobra.Command) {

 	//Generate file name
 	backupFileName := fmt.Sprintf("%s_%s.sql", dbConf.dbName, time.Now().Format("20060102_150405"))
+	conf := &RestoreConfig{}
+	conf.file = backupFileName
 	//Backup source Database
 	BackupDatabase(dbConf, backupFileName, true)
 	//Restore source database into target database
 	utils.Info("Restoring [%s] database into [%s] database...", dbConf.dbName, targetDbConf.targetDbName)
-	RestoreDatabase(&newDbConfig, backupFileName)
+	RestoreDatabase(&newDbConfig, conf)
 	utils.Info("[%s] database has been restored into [%s] database", dbConf.dbName, targetDbConf.targetDbName)
 	utils.Info("Database migration completed.")
 }
--- a/pkg/restore.go
+++ b/pkg/restore.go
@@ -24,87 +24,88 @@ func StartRestore(cmd *cobra.Command) {
 	case "local":
 		utils.Info("Restore database from local")
 		copyToTmp(storagePath, restoreConf.file)
-		RestoreDatabase(dbConf, restoreConf.file)
+		RestoreDatabase(dbConf, restoreConf)
 	case "s3", "S3":
-		restoreFromS3(dbConf, restoreConf.file, restoreConf.bucket, restoreConf.s3Path)
-	case "ssh", "SSH":
-		restoreFromRemote(dbConf, restoreConf.file, restoreConf.remotePath)
+		restoreFromS3(dbConf, restoreConf)
+	case "ssh", "SSH", "remote":
+		restoreFromRemote(dbConf, restoreConf)
 	case "ftp", "FTP":
-		restoreFromFTP(dbConf, restoreConf.file, restoreConf.remotePath)
+		restoreFromFTP(dbConf, restoreConf)
 	default:
 		utils.Info("Restore database from local")
 		copyToTmp(storagePath, restoreConf.file)
-		RestoreDatabase(dbConf, restoreConf.file)
+		RestoreDatabase(dbConf, restoreConf)
 	}
 }

-func restoreFromS3(db *dbConfig, file, bucket, s3Path string) {
+func restoreFromS3(db *dbConfig, conf *RestoreConfig) {
 	utils.Info("Restore database from s3")
-	err := DownloadFile(tmpPath, file, bucket, s3Path)
+	err := DownloadFile(tmpPath, conf.file, conf.bucket, conf.s3Path)
 	if err != nil {
-		utils.Fatal("Error download file from s3 %s %v", file, err)
+		utils.Fatal("Error download file from s3 %s %v ", conf.file, err)
 	}
-	RestoreDatabase(db, file)
+	RestoreDatabase(db, conf)
 }
-func restoreFromRemote(db *dbConfig, file, remotePath string) {
+func restoreFromRemote(db *dbConfig, conf *RestoreConfig) {
 	utils.Info("Restore database from remote server")
-	err := CopyFromRemote(file, remotePath)
+	err := CopyFromRemote(conf.file, conf.remotePath)
 	if err != nil {
-		utils.Fatal("Error download file from remote server: %s %v  ", filepath.Join(remotePath, file), err)
+		utils.Fatal("Error download file from remote server: %s %v", filepath.Join(conf.remotePath, conf.file), err)
 	}
-	RestoreDatabase(db, file)
+	RestoreDatabase(db, conf)
 }
-func restoreFromFTP(db *dbConfig, file, remotePath string) {
+func restoreFromFTP(db *dbConfig, conf *RestoreConfig) {
 	utils.Info("Restore database from FTP server")
-	err := CopyFromFTP(file, remotePath)
+	err := CopyFromFTP(conf.file, conf.remotePath)
 	if err != nil {
-		utils.Fatal("Error download file from FTP server: %s %v", filepath.Join(remotePath, file), err)
+		utils.Fatal("Error download file from FTP server: %s %v", filepath.Join(conf.remotePath, conf.file), err)
 	}
-	RestoreDatabase(db, file)
+	RestoreDatabase(db, conf)
 }

 // RestoreDatabase restore database
-func RestoreDatabase(db *dbConfig, file string) {
-	gpgPassphrase := os.Getenv("GPG_PASSPHRASE")
-	if file == "" {
+func RestoreDatabase(db *dbConfig, conf *RestoreConfig) {
+	if conf.file == "" {
 		utils.Fatal("Error, file required")
 	}
-
-	err := utils.CheckEnvVars(dbHVars)
-	if err != nil {
-		utils.Error("Please make sure all required environment variables for database are set")
-		utils.Fatal("Error checking environment variables: %s", err)
-	}
-
-	extension := filepath.Ext(fmt.Sprintf("%s/%s", tmpPath, file))
+	extension := filepath.Ext(filepath.Join(tmpPath, conf.file))
 	if extension == ".gpg" {
-		if gpgPassphrase == "" {
-			utils.Fatal("Error: GPG passphrase is required, your file seems to be a GPG file.\nYou need to provide GPG keys. GPG_PASSPHRASE environment variable is required.")

-		} else {
-			//Decrypt file
-			err := Decrypt(filepath.Join(tmpPath, file), gpgPassphrase)
+		if conf.usingKey {
+			utils.Warn("Backup decryption using a private key is not fully supported")
+			err := decryptWithGPGPrivateKey(filepath.Join(tmpPath, conf.file), conf.privateKey, conf.passphrase)
 			if err != nil {
-				utils.Fatal("Error decrypting file %s %v", file, err)
+				utils.Fatal("error during decrypting backup %v", err)
+			}
+		} else {
+			if conf.passphrase == "" {
+				utils.Error("Error, passphrase or private key required")
+				utils.Fatal("Your file seems to be a GPG file.\nYou need to provide GPG keys. GPG_PASSPHRASE or GPG_PRIVATE_KEY environment variable is required.")
+			} else {
+				//decryptWithGPG file
+				err := decryptWithGPG(filepath.Join(tmpPath, conf.file), conf.passphrase)
+				if err != nil {
+					utils.Fatal("Error decrypting file %s %v", file, err)
+				}
+				//Update file name
+				conf.file = RemoveLastExtension(file)
 			}
-			//Update file name
-			file = RemoveLastExtension(file)
 		}

 	}

-	if utils.FileExists(fmt.Sprintf("%s/%s", tmpPath, file)) {
-		err = os.Setenv("MYSQL_PWD", db.dbPassword)
+	if utils.FileExists(fmt.Sprintf("%s/%s", tmpPath, conf.file)) {
+		err := os.Setenv("MYSQL_PWD", db.dbPassword)
 		if err != nil {
 			return
 		}
 		testDatabaseConnection(db)
 		utils.Info("Restoring database...")

-		extension := filepath.Ext(fmt.Sprintf("%s/%s", tmpPath, file))
+		extension := filepath.Ext(filepath.Join(tmpPath, conf.file))
 		// Restore from compressed file / .sql.gz
 		if extension == ".gz" {
-			str := "zcat " + filepath.Join(tmpPath, file) + " | mysql -h " + db.dbHost + " -P " + db.dbPort + " -u " + db.dbUserName + " " + db.dbName
+			str := "zcat " + filepath.Join(tmpPath, conf.file) + " | mysql -h " + db.dbHost + " -P " + db.dbPort + " -u " + db.dbUserName + " " + db.dbName
 			_, err := exec.Command("sh", "-c", str).Output()
 			if err != nil {
 				utils.Fatal("Error, in restoring the database  %v", err)
@@ -116,7 +117,7 @@ func RestoreDatabase(db *dbConfig, file string) {

 		} else if extension == ".sql" {
 			//Restore from sql file
-			str := "cat " + filepath.Join(tmpPath, file) + " | mysql -h " + db.dbHost + " -P " + db.dbPort + " -u " + db.dbUserName + " " + db.dbName
+			str := "cat " + filepath.Join(tmpPath, conf.file) + " | mysql -h " + db.dbHost + " -P " + db.dbPort + " -u " + db.dbUserName + " " + db.dbName
 			_, err := exec.Command("sh", "-c", str).Output()
 			if err != nil {
 				utils.Fatal("Error in restoring the database %v", err)
@@ -130,6 +131,6 @@ func RestoreDatabase(db *dbConfig, file string) {
 		}

 	} else {
-		utils.Fatal("File not found in %s", filepath.Join(tmpPath, file))
+		utils.Fatal("File not found in %s", filepath.Join(tmpPath, conf.file))
 	}
 }
--- a/pkg/var.go
+++ b/pkg/var.go
@@ -18,6 +18,7 @@ var (
 	storagePath        = "/backup"
 	disableCompression = false
 	encryption         = false
+	usingKey           = false
 )

 // dbHVars Required environment variables for database