Using encryption and compression tools with mariabackup
mariabackup supports streaming to stdout with --stream=xbstream option. This option allows easy integration with popular encryption and compression tools. Below are several examples
Encrypting and decrypting backup with openssl
The following example creates AES encrypted backup, protected with password "mypass" and stores it in a file "backup.xb.enc"
mariabackup --user=root --backup --stream=xbstream | openssl enc -aes-256-cbc -k mypass > backup.xb.enc
To decrypt and unpack this backup into current directory, the following command can be used
openssl enc -d -aes-256-cbc -k mypass -in backup.xb.enc | mbstream -x
Compressing and encrypting backup, using gzip and openssl
This example adds compression step before the encryption, otherwise looks almost identically to the previous example
mariabackup --user=root --backup --stream=xbstream | gzip | openssl enc -aes-256-cbc -k mypass > backup.xb.gz.enc
We can decrypt, decompress and unpack this backup like this (note "gzip -d" in the pipeline)
openssl enc -d -aes-256-cbc -k mypass -in backup.xb.gz.enc |gzip -d| mbstream -x
Compressing and encrypting with 7Zip
7zip archiver is a popular utility (especially on Windows), that also supports reading from standard output, with option -si, and writing to stdout with option -so, thus can be used together with mariabackup
Compressing backup with 7z command line utility works like below:
mariabackup --user=root --backup --stream=xbstream | 7z a -si backup.xb.7z
Uncompress and unpack the archive with
7z e backup.xb.7z -so |mbstream -x
7z also has builtin AES-256 encryption. To encrypt the backup from previous example using password SECRET, add -pSECRET to 7z command line.
Encrypting with GPG
Encryption
mariabackup --user=root --backup --stream=xbstream | gpg -c --passphrase SECRET --batch --yes -o backup.xb.gpg
Decrypt, unpack
gpg --decrypt --passphrase SECRET --batch --yes backup.xb.gpg | mbstream -x
Interactive input for passphrase
Most of the described tools also provide a way to enter passphrase interactively (although 7zip does not seem to work well when reading input from stdin). Please consult documentation of the tools for more info.