On Thu, Jul 23, 2020 at 3:05 AM Dischner, Anton <Anton.Dischner@xxxxxxxxxxxxxxxxxxx> wrote:
Hi Olivier,
thanks for your hint which is better than my approach.
I did somthing like:
/usr/bin/pg_dumpall --username=postgres | bzip2 > /var/lib/postgresql/backup/"`date +%d-%m-%Y_%H:%M:%S`-"backup_all.sql.bz2
To use encryption: [DRAFT]
tar -czf - ttt | openssl enc -e -aes-256-cbc -pass pass:test -out ttt.tgz
openssl enc -d -aes-256-cbc -pass pass:test -in ttt.tgz | tar xz
As mentioned obove it makes no sense to store the PW in the script.
It does make sense as long as the script is not stored with the encrypted file, but rather only with the unencrypted server (plus backed up someplace else, like on a piece of paper in a safe offsite)
But you can use asymmetric (public key) encryption if you don't want the backing-up user to be able to decrypt at all:
pg_dumpall | gpg --encrypt --recipient ciso@xxxxxxxxxxx > backup.gpg
Cheers,
Jeff
