{"id":27301368,"url":"https://github.com/webtranslateit/safe","last_synced_at":"2026-04-19T19:32:30.231Z","repository":{"id":167487514,"uuid":"643115888","full_name":"webtranslateit/safe","owner":"webtranslateit","description":"Simple backup for MySQL, PostgreSQL and files, to Amazon S3, Cloudfiles or filesystems using SFTP/SCP","archived":false,"fork":false,"pushed_at":"2024-04-08T08:03:15.000Z","size":374,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-04-08T09:28:39.894Z","etag":null,"topics":["backup","mongodb","mysql","postgresql","s3","scp","sftp"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"astrails/safe","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webtranslateit.png","metadata":{"files":{"readme":"README.markdown","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-05-20T06:33:53.000Z","updated_at":"2024-04-15T06:47:24.633Z","dependencies_parsed_at":null,"dependency_job_id":"f1b063dc-32a9-4e04-b247-3be0aa05a839","html_url":"https://github.com/webtranslateit/safe","commit_stats":null,"previous_names":["webtranslateit/safe"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webtranslateit%2Fsafe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webtranslateit%2Fsafe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webtranslateit%2Fsafe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webtranslateit%2Fsafe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webtranslateit","download_url":"https://codeload.github.com/webtranslateit/safe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248505938,"owners_count":21115354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup","mongodb","mysql","postgresql","s3","scp","sftp"],"created_at":"2025-04-12T01:45:44.540Z","updated_at":"2026-04-19T19:32:30.188Z","avatar_url":"https://github.com/webtranslateit.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# webtranslateit-safe\n\nSimple database and filesystem backups with Amazon S3 support (with optional encryption).\n\nThis is a fork of now abandonned [astrails-safe](https://github.com/astrails/safe) that we’ve been using since 2010. It is now unmaintained and not compatible with ruby 3.2, so we forked it.\n\nWe’ve added:\n\n- Support for ruby 3.2\n- Standardized code with rubocop\n- Added support for SCP transfers — On some conditions with servers with higher latency, transfering large files (\u003e 18GB) with SFTP can take a very long time.\n- Removed svndump feature\n- Removed FTP transfer feature\n\n## Installation\n\n    gem install webtranslateit-safe\n\n## Reporting problems\n\nPlease report problems at the [Issues tracker](http://github.com/webtranslateit/safe/issues)\n\n## Usage\n\n    Usage:\n       webtranslateit-safe [OPTIONS] CONFIG_FILE\n    Options:\n      -h, --help           This help screen\n      -v, --verbose        be verbose, duh!\n      -n, --dry-run        just pretend, don't do anything.\n      -L, --local          skip remote storage, only do local backups\n\nNote: CONFIG\\_FILE will be created from template if missing\n\n## Encryption\n\nIf you want to encrypt your backups you have 2 options:\n* use simple password encryption\n* use GPG public key encryption\n\n\u003e IMPORTANT: some gpg installations automatically set 'use-agent' option in the default\n\u003e configuration file that is created when you run gpg for the first time. This will cause\n\u003e gpg to fail on the 2nd run if you don't have the agent running. The result is that\n\u003e 'webtranslateit-safe' will work ONCE when you manually test it and then fail on any subsequent run.\n\u003e The solution is to remove the 'use-agent' from the config file (usually /root/.gnupg/gpg.conf)\n\u003e To mitigate this problem for the gpg 1.x series '--no-use-agent' option is added by defaults\n\u003e to the autogenerated config file, but for gpg2 is doesn't work. as the manpage says it:\n\u003e \"This is dummy option. gpg2 always requires the agent.\" :(\n\nFor simple password, just add password entry in gpg section.\nFor public key encryption you will need to create a public/secret keypair.\n\nWe recommend to create your GPG keys only on your local machine and then\ntransfer your public key to the server that will do the backups.\n\nThis way the server will only know how to encrypt the backups but only you\nwill be able to decrypt them using the secret key you have locally. Of course\nyou MUST backup your backup encryption key :)\nWe recommend also pringing the hard paper copy of your GPG key 'just in case'.\n\nThe procedure to create and transfer the key is as follows:\n\n1. run `gpg --gen-key` on your local machine and follow onscreen instructions to create the key\n   (you can accept all the defaults).\n\n2. extract your public key into a file (assuming you used test@example.com as your key email):\n   `gpg -a --export test@example.com \u003e test@example.com.pub`\n\n3. transfer public key to the server\n   `scp test@example.com.pub root@example.com:`\n\n4. import public key on the remote system:\n\n``` bash\n$ gpg --import test@example.com.pub\ngpg: key 45CA9403: public key \"Test Backup \u003ctest@example.com\u003e\" imported\ngpg: Total number processed: 1\ngpg:               imported: 1\n```\n\n5. since we don't keep the secret part of the key on the remote server, gpg has\n   no way to know its yours and can be trusted.\n   To fix that we can sign it with other trusted key, or just directly modify its\n   trust level in gpg (use level 5):\n\n``` bash\n$ gpg --edit-key test@example.com\n...\nCommand\u003e trust\n...\n1 = I don't know or won't say\n2 = I do NOT trust\n3 = I trust marginally\n4 = I trust fully\n5 = I trust ultimately\nm = back to the main menu\n\nYour decision? 5\n...\nCommand\u003e quit\n```\n\n6. export your secret key for backup\n   (we recommend to print it on paper and burn to a CD/DVD and store in a safe place):\n\n``` bash\n$ gpg -a --export-secret-key test@example.com \u003e test@example.com.key\n```\n## Example configuration\n\n``` ruby\nsafe do\n  verbose true\n\n  local path: \"/backup/:kind/:id\"\n\n  s3 do\n    key \"....................\"\n    secret \"........................................\"\n    bucket \"backup.astrails.com\"\n    path \"servers/alpha/:kind/:id\"\n  end\n\n  sftp do\n    host \"sftp.astrails.com\"\n    user \"astrails\"\n    # port 8023\n    password \"ssh password for sftp\"\n    use_scp: true # use SCP if possible\n  end\n\n  gpg do\n    command \"/usr/local/bin/gpg\"\n    options  \"--no-use-agent\"\n    # symmetric encryption key\n    # password \"qwe\"\n\n    # public GPG key (must be known to GPG, i.e. be on the keyring)\n    key \"backup@astrails.com\"\n  end\n\n  keep do\n    local 20\n    s3 100\n    sftp 100\n  end\n\n  mysqldump do\n    options \"-ceKq --single-transaction --create-options\"\n\n    user \"root\"\n    password \"............\"\n    socket \"/var/run/mysqld/mysqld.sock\"\n\n    database :blog\n    database :servershape\n    database :astrails_com\n    database :secret_project_com do\n      skip_tables \"foo\"\n      skip_tables [\"bar\", \"baz\"]\n    end\n\n  end\n\n  pgdump do\n    options \"-i -x -O\"   # -i =\u003e ignore version, -x =\u003e do not dump privileges (grant/revoke), -O =\u003e skip restoration of object ownership in plain text format\n\n    user \"username\"\n    password \"............\"  # shouldn't be used, instead setup ident.  Current functionality exports a password env to the shell which pg_dump uses - untested!\n\n    database :blog\n    database :stateofflux_com\n  end\n\n  tar do\n    options \"-h\" # dereference symlinks\n    archive \"git-repositories\", files: \"/home/git/repositories\"\n    archive \"dot-configs\",      files: \"/home/*/.[^.]*\"\n    archive \"etc\",              files: \"/etc\", exclude: \"/etc/puppet/other\"\n\n    archive \"blog-astrails-com\" do\n      files \"/var/www/blog.astrails.com/\"\n      exclude \"/var/www/blog.astrails.com/log\"\n      exclude \"/var/www/blog.astrails.com/tmp\"\n    end\n\n    archive \"astrails-com\" do\n      files \"/var/www/astrails.com/\"\n      exclude [\"/var/www/astrails.com/log\", \"/var/www/astrails.com/tmp\"]\n    end\n  end\nend\n```\n\n## Copyright\n\nCopyright (c) 2010-2023 WebTranslateIt Software SL. See LICENSE.txt for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebtranslateit%2Fsafe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebtranslateit%2Fsafe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebtranslateit%2Fsafe/lists"}