feat: add encrypt backup using public key, migrate gpg to go gpg dependency

2025-12-06 13:39:41 +01:00 · 2024-10-08 23:02:46 +02:00
parent dabba2050a
commit fe05fe5110
10 changed files with 357 additions and 105 deletions
--- a/pkg/config.go
+++ b/pkg/config.go
@@ -40,9 +40,11 @@ type BackupConfig struct {
 	backupRetention    int
 	disableCompression bool
 	prune              bool
-	encryption         bool
 	remotePath         string
+	encryption         bool
+	usingKey           bool
 	passphrase         string
+	publicKey          string
 	storage            string
 	cronExpression     string
 }
@@ -163,10 +165,14 @@ func initBackupConfig(cmd *cobra.Command) *BackupConfig {
 	_ = utils.GetEnv(cmd, "path", "AWS_S3_PATH")
 	cronExpression := os.Getenv("BACKUP_CRON_EXPRESSION")

-	if passphrase != "" {
+	publicKeyFile, err := checkPubKeyFile(os.Getenv("GPG_PUBLIC_KEY"))
+	if err == nil {
 		encryption = true
+		usingKey = true
+	} else if passphrase != "" {
+		encryption = true
+		usingKey = false
 	}
-
 	//Initialize backup configs
 	config := BackupConfig{}
 	config.backupRetention = backupRetention
@@ -176,17 +182,21 @@ func initBackupConfig(cmd *cobra.Command) *BackupConfig {
 	config.encryption = encryption
 	config.remotePath = remotePath
 	config.passphrase = passphrase
+	config.publicKey = publicKeyFile
+	config.usingKey = usingKey
 	config.cronExpression = cronExpression
 	return &config
 }

 type RestoreConfig struct {
-	s3Path        string
-	remotePath    string
-	storage       string
-	file          string
-	bucket        string
-	gpqPassphrase string
+	s3Path     string
+	remotePath string
+	storage    string
+	file       string
+	bucket     string
+	usingKey   bool
+	passphrase string
+	privateKey string
 }

 func initRestoreConfig(cmd *cobra.Command) *RestoreConfig {
@@ -199,7 +209,14 @@ func initRestoreConfig(cmd *cobra.Command) *RestoreConfig {
 	storage = utils.GetEnv(cmd, "storage", "STORAGE")
 	file = utils.GetEnv(cmd, "file", "FILE_NAME")
 	bucket := utils.GetEnvVariable("AWS_S3_BUCKET_NAME", "BUCKET_NAME")
-	gpqPassphrase := os.Getenv("GPG_PASSPHRASE")
+	passphrase := os.Getenv("GPG_PASSPHRASE")
+	privateKeyFile, err := checkPrKeyFile(os.Getenv("GPG_PRIVATE_KEY"))
+	if err == nil {
+		usingKey = true
+	} else if passphrase != "" {
+		usingKey = false
+	}
+
 	//Initialize restore configs
 	rConfig := RestoreConfig{}
 	rConfig.s3Path = s3Path
@@ -208,7 +225,9 @@ func initRestoreConfig(cmd *cobra.Command) *RestoreConfig {
 	rConfig.bucket = bucket
 	rConfig.file = file
 	rConfig.storage = storage
-	rConfig.gpqPassphrase = gpqPassphrase
+	rConfig.passphrase = passphrase
+	rConfig.usingKey = usingKey
+	rConfig.privateKey = privateKeyFile
 	return &rConfig
 }
 func initTargetDbConfig() *targetDbConfig {