Add openssl support and example

Dockerfile

@@ -4,7 +4,7 @@ MAINTAINER Avi Deitcher <https://github.com/deitch>
 
 # install the necessary client
 # the mysql-client must be 10.3.15 or later
-RUN apk add --update 'mariadb-client>10.3.15' mariadb-connector-c bash python3 samba-client shadow && \
+RUN apk add --update 'mariadb-client>10.3.15' mariadb-connector-c bash python3 samba-client shadow openssl && \
     rm -rf /var/cache/apk/* && \
     touch /etc/samba/smb.conf && \
     pip3 install awscli

README.md

@@ -268,6 +268,14 @@ fi
 
 You can think of this as a sort of basic plugin system. Look at the source of the [entrypoint](https://github.com/databack/mysql-backup/blob/master/entrypoint) script for other variables that can be used.
 
+### Encrypting the Backup
+
+Post-processing also give you options to encrypt the backup using openssl. The openssl binary is available
+to the processing scripts.
+
+The sample [examples/encrypt.sh](./examples/encrypt.sh) provides a sample post-processing script that you can use
+to encrypt your backup with AES256.
+
 ## Restore
 ### Dump Restore
 If you wish to run a restore to an existing database, you can use mysql-backup to do a restore.

examples/encrypt.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+#
+# post-processing backup script used to encrypt the backup file.
+# Many thanks to Sascha Schieferdecker https://github.com/sascha-schieferdecker
+# for providing it.
+#
+# to use, mount in /scripts.d/post-backup/secure.sh
+#
+# the symmetric encryption key should be mounted in /scripts.d/post-backup/mysqldump-key.pub.pem
+
+# Encrypt and chmod backup file.
+if [[ -n "$DB_DUMP_DEBUG" ]]; then
+  set -x
+fi
+
+if [ -e ${DUMPFILE} ];
+then
+  openssl smime -encrypt -binary -text -aes256 -in ${DUMPFILE} -out ${DUMPFILE}.enc -outform DER /scripts.d/post-backup/mysqldump-key.pub.pem
+  mv ${DUMPFILE}.enc ${DUMPFILE}
+  chmod 600 ${DUMPFILE}
+else
+  echo "ERROR: Backup file ${DUMPFILE} does not exist!"
+fi
+