Using encryption and compression tools with mariabackup

You are viewing an old version of this article. View the current version here.

mariabackup supports streaming to stdout with --stream=xbstream option. This option allows easy integration with popular encryption and compression tools. Below are several examples

Encrypting and decrypting backup with openssl

The following example creates AES encrypted backup, protected with password "mypass" and stores it in a file "backup.xb.enc"

mariabackup --user=root --backup --stream=xbstream  | openssl  enc -aes-256-cbc -k mypass > backup.xb.enc

To decrypt and unpack this backup into current directory, the following command can be used

openssl  enc -d -aes-256-cbc -k mypass -in backup.xb.enc | mbstream -x

Compressing and encrypting backup, using gzip and openssl

This example adds compression step before the encryption, otherwise looks almost identically to the previous example

mariabackup --user=root --backup --stream=xbstream | gzip | openssl  enc -aes-256-cbc -k mypass > backup.xb.gz.enc

We can decrypt, decompress and unpack this backup like this (note "gzip -d" in the pipeline)

openssl  enc -d -aes-256-cbc -k mypass -in backup.xb.gz.enc |gzip -d| mbstream -x

Compressing and encrypting with 7Zip

7zip archiver is a popular utility (especially on Windows), that also supports reading from standard output, with option -si, and writing to stdout with option -so, thus can be used together with mariabackup

Compressing backup with 7z command line utility works like below:

mariabackup --user=root --backup --stream=xbstream | 7z a -si backup.xb.7z

Uncompress and unpack the archive with

7z e backup.xb.7z -so |mbstream -x

7z also has builtin AES-256 encryption. To encrypt the backup from previous example using password SECRET, add -pSECRET to 7z command line.

Encrypting with GPG

Encryption

mariabackup --user=root --backup --stream=xbstream | gpg -c --passphrase SECRET --batch --yes -o backup.xb.gpg

Decrypt, unpack

gpg --decrypt --passphrase SECRET --batch --yes  backup.xb.gpg | mbstream -x

Interactive input for passphrase

Most of the described tools also provide a way to enter passphrase interactively (although 7zip does not seem to work well when reading input from stdin). Please consult documentation of the tools for more info.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.