https://github.com/kometen/backup-db
Read secrets from Azure Key Vault and backup a PostgreSQL database
https://github.com/kometen/backup-db
1password-cli azure-key-vault pgdump
Last synced: 8 months ago
JSON representation
Read secrets from Azure Key Vault and backup a PostgreSQL database
- Host: GitHub
- URL: https://github.com/kometen/backup-db
- Owner: kometen
- License: mit
- Created: 2024-10-03T21:38:11.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-06T08:42:21.000Z (over 1 year ago)
- Last Synced: 2025-01-11T01:14:57.619Z (over 1 year ago)
- Topics: 1password-cli, azure-key-vault, pgdump
- Language: Rust
- Homepage: https://github.com/kometen/backup-db
- Size: 102 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# backup_db
A wrapper around pg_dump so information about host to connect to, database, password is retrieved from Azure Key Vault
and URL to Azure Key Vault from 1password thus avoiding storing passwords in cleartext locally.
Requires 1password and Azure command line utilities installed locally, an Azure-subscription, a PostgreSQL-client.
Log in with `az login`.
Some settings can be set in a `.env` file like this:
```
BUFFER_SIZE=16384
COMPRESSION_METHOD=lz4
FILE_PREFIX=production
FOLDER=backup
```
Add the following secrets to Azure Key Vault:
```
db-host
db-name
db-pwd
db-user
db-domain
```
Add an entry in 1password that can be accessed by the program. The path is formatted in Rust.
```
let op_path = format!("op://Production/AzureKeyVault{}/url", key);
```
An example of a path can be `op://Production/AzureKeyVaultInvoice/url`. The path can be changed to suit your own
requirement with the format `op://[vault-name]/[password-item]/[value]` in 1password.
Clone the repository, test, build and run with
```
cargo test
cargo build [--release]
./target/release/backup_db -n invoice
```
Install via brew tap.
```
brew tap kometen/backup-db
brew install backup-db
```
Build and run the container-image.
```
docker build -t backup_db:dev .
docker run --user backup_db_user backup_db:dev
```
The container will not inherit the environment from the shell so running from the container will not work.
Based on an example from https://github.com/Azure/azure-sdk-for-rust/blob/main/sdk/security_keyvault/examples/get_secret.rs
and guidance from both ChatGPT and Claude. Used the editor zed at `https://github.com/zed-industries/zed`.