https://github.com/znerol/pfsense-crypt-backup
Write encrypted backup file and metadata as JSON to stdout
https://github.com/znerol/pfsense-crypt-backup
Last synced: 15 days ago
JSON representation
Write encrypted backup file and metadata as JSON to stdout
- Host: GitHub
- URL: https://github.com/znerol/pfsense-crypt-backup
- Owner: znerol
- License: apache-2.0
- Created: 2019-07-22T08:35:40.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2019-07-22T08:35:53.000Z (almost 7 years ago)
- Last Synced: 2025-01-27T06:28:19.394Z (over 1 year ago)
- Language: PHP
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# pfsense-crypt-backup
Write encrypted backup file and metadata as JSON to stdout.
## Installation
1. Copy `crypt-backup.php` to `/usr/local/bin/crypt-backup.php`.
2. `chmod +x /usr/local/bin/crypt-backup.php
## Usage
Local:
```
/usr/local/bin/crypt-backup.php "my super secret passphrase" > pfsense-config.json
```
Remote:
```
ssh root@pfsense /usr/local/bin/crypt-backup.php "my super secret passphrase" > pfsense-config.json
```
## Tips
* Use `jq` to extract encrypted `config.xml` from JSON:
```
jq -r ".content" pfsense-config.json > config.xml
```
* Use `jq` to extract backup metadata from JSON:
```
jq "del(.content)" pfsense-config.json > meta.json
```
* Add restricted SSH key to pfsense admin account which is only capable of pulling an encrypted backup.
```
no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding,command="/usr/local/bin/crypt-backup.php 'super secret passphrase'" ssh-rsa AAAAB3[...]
```