This holds the necessary code to use existing database dump tools with gpg to create a full backup of a disk in an encrypted format that can sit on disk more safely than just a text dump of that database.
This library was originally created for RatticWeb which made the decision to not handle encryption within the application itself (encryption is difficult).
There are two commands of importance in this library.
db_backup.commands.backup(database_settings, recipients, backup_dir, gpg_home=None)
This will dump the database as specified by
database_settingsand create a gpg encrypted file inside the specifiedbackup_dir(using thegpg_homeif specified, otherwise whatever the gpg binary on your system wants to use) that can only be decrypted by the specifiedrecipients.
database_settingsis a dictionary of{name, engine, port, host, user, password}where all values exceptnameandengineare optional.
engineis one ofsqlite3,psqlormysqlor the names of the equivalent backends indjango.db.backends(i.e. django database dictionary is fine)
recipientsis a list of strings where each string is the uid for a key in your gpg homedir.db_backup.commands.restore(database_settings, restore_from, gpg_home=None)
This will take the gpg encrypted file at
restore_from, decrypt it and feed the specified database with it.
database_settingsandgpg_homebehave like they do for the backup command.
restore_fromis just the filepath to the encrypted backup file.
Use pip!:
pip install db_backupOr if you're developing it:
pip install -e .
pip install -e ".[tests]"Run the helpful script:
./test.shOr if you're outside a virtualenv and want to test with old pythons as well:
tox