bryanchriswhite / .backup

.backup

Rationale

This utility is designed to generate a compressed, secure, single-file backup of highly sensitive data, e.g. encryption keys, API keys, etc.

This is done by using a combination of tar (with and without xz compression) and GPG.

Methodology

  1. For each discrete directory and/or file, generate an xz-compressed tarball
  2. GPG-encrypt the aforementioned tarball; you may choose to encrypt each discrete tarball in one of two ways:
     • Asymmetrically: You may choose which GPG recipients (via email or key ID) may decrypt all discrete tarballs
     • Symmetrically: You may choose a passphrase for each discrete tarball
  3. All discrete tarballs are tar'd into a single (uncompressed) tarball
  4. Final tarball is chmod'd to 0600 and is ready to be safely stored wherever
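
A check that a finished backup matches the steps above (mode 0600, no discrete tarball left as plaintext xz), added here as an example and not part of the .backup project. The function names are hypothetical, and it assumes members are judged by their leading xz magic bytes, not by file name.

```shell
#!/bin/sh
# Added example (not from the .backup repo): audit a finished backup tarball.
# Function names are hypothetical. Assumption: a discrete tarball that skipped
# the GPG step is recognisable by the xz magic bytes FD 37 7A 58 5A 00.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the first six bytes of stdin as lowercase hex, no separators.
first6_hex() {
  od -An -tx1 -N6 | tr -d ' \n'
}

# Print one finding per line for the archive given as $1.
list_findings() {
  mode=$(file_mode "$1")
  if [ "$mode" != "600" ]; then
    echo "mode is $mode, expected 600"
  fi
  tar -tf "$1" | while IFS= read -r member; do
    case $member in */) continue ;; esac   # skip directory entries
    magic=$(tar -xOf "$1" "$member" | first6_hex)
    if [ "$magic" = "fd377a585a00" ]; then
      echo "unencrypted xz member: $member"
    fi
  done
}

# audit_backup FILE: print findings; return 0 if clean, 1 otherwise.
audit_backup() {
  findings=$(list_findings "$1")
  if [ -z "$findings" ]; then
    return 0
  fi
  printf '%s\n' "$findings"
  return 1
}

# Stand-alone use: ./audit.sh /path/to/final.tar
if [ "$#" -gt 0 ]; then
  audit_backup "$1"
fi
```
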

Setup

  1. Clone the git repo where you want to run the tool from (e.g. ~/.backup)
     git clone git@github.com:bryanchriswhite/.backup ~/.backup ## Replace "~/.backup" with the desired destination (optional)
     cd !!:3 ## Change directory to the destination (for subsequent steps [optional])
  2. Copy the config.example file to config
     cp config.example config
  3. Modify the newly created config file's variables to suit your requirements; see the Configure section below
  4. Add the bin directory to your path
     echo 'PATH=$PATH:~/.backup/bin # Assumes clone destination is `~/.backup`' >> ~/.bashrc # Or .zshrc, etc.

NOTE: File bin/.backup is a symlink, so you may rename the command available via your path simply by renaming this file.

Configure

The config file contains the following variables:

| Variable Name | Purpose | Example |
|---|---|---|
| BACKUP_OUTPUT_DIR | Destination where final tarball will be output (NOTE: must not have a trailing /) | $HOME/.backup/output |
| BACKUP_OUTPUT_FILE | Final output tarball filename | .keys_backup.tar |
| RECIPIENTS | Space delimited list of email addresses or GPG key IDs to be used for all asymmetric encryption of discrete tarballs | bryanchriswhite@gmail.com bryan@liminal.ly (NOTE: space delimited) |
| SIGNEE | Email address (or key ID) of private key used to sign both asymmetrically and symmetrically encrypted discrete tarballs (only one signature can be used for all tarballs) | bryanchriswhite@gmail.com |
| ASYM_INPUTS | Newline delimited list of all discrete directories/files to be tar'd, compressed, and asymmetrically encrypted in step 1 (such that RECIPIENTS are able to decrypt them) | $HOME/.ssh, $HOME/.aws, $HOME/.password-store, each on its own line (NOTE: new line delimited) |
| SYM_INPUTS | Newline delimited list of all discrete directories/files to be tar'd, compressed, and symmetrically encrypted in step 1 using a passphrase (you will be prompted to enter a passphrase for each discrete directory/file [i.e. line in this multi-line variable]) | $HOME/.gnupg (NOTE: new line delimited) |

Use

Now that you've configured your installation you may simply run the script:

     .backup # Or whatever you renamed `bin/.backup` to

You may need to give yourself execute permission on the bin/.backup file: chmod u+x bin/.backup.sh (still assuming you cloned into ~/.backup and are cd'd there)
