{"id":22066511,"url":"https://github.com/vdo/ansible-gpg-backup","last_synced_at":"2025-03-23T18:24:58.371Z","repository":{"id":198500957,"uuid":"700754554","full_name":"vdo/ansible-gpg-backup","owner":"vdo","description":"Ansible role to backup remote files using GnuPG (PGP) encryption ","archived":false,"fork":false,"pushed_at":"2023-10-06T12:53:12.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-29T00:44:46.272Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vdo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-05T08:24:37.000Z","updated_at":"2023-10-06T08:37:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"1802a5e0-1faf-4927-a3c7-b7f760b796be","html_url":"https://github.com/vdo/ansible-gpg-backup","commit_stats":null,"previous_names":["vdo/ansible-gpg-backup"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vdo%2Fansible-gpg-backup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vdo%2Fansible-gpg-backup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vdo%2Fansible-gpg-backup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vdo%2Fansible-gpg-backup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vdo","download_url":"https://codeload.github.com/vdo/ansible-gpg-backup/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245146603,"owners_count":20568345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-30T19:28:21.147Z","updated_at":"2025-03-23T18:24:58.338Z","avatar_url":"https://github.com/vdo.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"vdo.gpg_backup\n==============\n\nA role to backup remote files using [GnuPG](https://gnupg.org/) to encrypt tarballs, importing keys if necessary.\n\nRequirements\n------------\n\n* [GnuPG](https://gnupg.org/) encryption tool must be installed in the host running the playbook. It's included in most distributions.\n\nHow this role works\n-------------------\n\n* Creates one or more tarballs of the paths defined in `remote_backup_paths`.\n* Downloads the tarballs locally to a temporary path.\n* Encrypts the tarballs with all the recipients defined. Any single recipient can decrypt the files!\n* Safely deletes any unencrypted file left behind, using [shred](https://linux.die.net/man/1/shred).\n\nThe generated files follow the pattern: `{ hostname }_{ path }_{ random string }.tgz.gpg`, converting any dots, slashes and asterisks, for example: `www_example_net__var_log_dmesg@_bxhlndi5.tgz.gpg` would be the backup of `/var/log/dmesg*` from `www.example.net`.\n\nThe recipient strings can be any of the GnuPG accepted user ids, and [they can be many](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html). The recommended one is the **fingerprint**, to avoid ambiguities.\n\nNote: The imported key(s) will be assumed as valid in any case.\n\nRole Variables\n--------------\n|Variable|Description|Default Value\n|---|---|---|\n|`remote_backup_paths`| Paths on the remote host(s) to generate the backups from (required) | []\n|`gpg_recipients`| User ID(s) of the public keys used to encrypt (required)| []\n|`gpg_keyserver`| PGP keystore server to use, in case keys are imported | `hkps://keys.openpgp.org`\n|`gpg_import_keys`| User ID(s) of the public keys to be imported from the keyserver | []\n|`remote_backup_temp_path`| Path in the remote host(s) to store the temporal tarballs |`/tmp`\n|`local_backup_temp_path`| Path in the localhost to store the temporal tarballs |`/tmp`\n|`local_backup_destination`| Destination path of the encrypted backups |`./`\n\nExample Playbook\n----------------\n\n```yaml\n---\n- hosts: all\n  become: true\n  vars:\n    remote_backup_paths:\n      - \"/var/log/audit/*\"\n      - \"/etc/ssl/certs/\"\n    gpg_recipients:\n      - \"DE4EFCA3E1AB9E41CE96CECB18C09E865EC948A1\"\n      - \"someones@email.test\"\n    gpg_keyserver: 'keyserver.ubuntu.com'\n    gpg_import_keys: \n      - \"DE4EFCA3E1AB9E41CE96CECB18C09E865EC948A1\"\n  roles:\n    - vdo.gpg_backup\n```\n\nLicense\n-------\nApache License 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvdo%2Fansible-gpg-backup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvdo%2Fansible-gpg-backup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvdo%2Fansible-gpg-backup/lists"}