From fae3967b9617142b7e78834fd67bcb639fe22113 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 24 Nov 2025 21:49:35 +0800
Subject: [PATCH] change the AWS access key variables to the AWS CLI standard

---
 README.md              | 8 ++++++--
 application/backup.sh  | 6 +++++-
 application/restore.sh | 6 +++++-
 local.env.dist         | 4 ++--
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index eedbdc0..2c4b639 100644
--- a/README.md
+++ b/README.md
@@ -24,9 +24,13 @@ Service to backup and/or restore a PostgreSQL database to/from S3
 
 `DB_USER` user that accesses the database (PostgreSQL "role")
 
-`AWS_ACCESS_KEY` used for S3 interactions
+`AWS_ACCESS_KEY_ID` used for S3 interactions
 
-`AWS_SECRET_KEY` used for S3 interactions
+`AWS_SECRET_ACCESS_KEY` used for S3 interactions
+
+`AWS_ACCESS_KEY` used for S3 interactions (Deprecated)
+
+`AWS_SECRET_KEY` used for S3 interactions (Deprecated)
 
 `S3_BUCKET` e.g., _s3://database-backups_ **NOTE: no trailing slash**
 
diff --git a/application/backup.sh b/application/backup.sh
index 84ce6df..49c2746 100755
--- a/application/backup.sh
+++ b/application/backup.sh
@@ -10,7 +10,7 @@ log() {
 # Function to remove sensitive values from sentry Event
 filter_sensitive_values() {
     local msg="$1"
-    for var in AWS_ACCESS_KEY AWS_SECRET_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
+    for var in AWS_ACCESS_KEY AWS_SECRET_KEY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
         val="${!var}"
         if [ -n "$val" ]; then
             msg="${msg//$val/[FILTERED]}"
@@ -63,6 +63,10 @@ start=$(date +%s);
 $(PGPASSWORD=${DB_USERPASSWORD} pg_dump --host=${DB_HOST} --username=${DB_USER} --create --clean ${DB_OPTIONS} --dbname=${DB_NAME} > /tmp/${DB_NAME}.sql) || STATUS=$?;
 end=$(date +%s);
 
+# maintain backward compatibility with key variables accepted by s3cmd
+export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY}"
+export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_KEY}"
+
 if [ $STATUS -ne 0 ]; then
     error_message="${MYNAME}: FATAL: Backup of ${DB_NAME} returned non-zero status ($STATUS) in $(expr ${end} - ${start}) seconds.";
     log "ERROR" "${error_message}";
diff --git a/application/restore.sh b/application/restore.sh
index 10467c0..5581c56 100755
--- a/application/restore.sh
+++ b/application/restore.sh
@@ -9,7 +9,7 @@ log() {
 
 filter_sensitive_values() {
     local msg="$1"
-    for var in AWS_ACCESS_KEY AWS_SECRET_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
+    for var in AWS_ACCESS_KEY AWS_SECRET_KEY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
         val="${!var}"
         if [ -n "$val" ]; then
             msg="${msg//$val/[FILTERED]}"
@@ -94,6 +94,10 @@ fi
 log "INFO" "${MYNAME}: copying database ${DB_NAME} backup and checksum from ${S3_BUCKET}"
 start=$(date +%s)
 
+# maintain backward compatibility with key variables accepted by s3cmd
+export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY}"
+export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_KEY}"
+
 # Download database backup
 aws s3 cp "${S3_BUCKET}/${DB_NAME}.sql.gz" "/tmp/${DB_NAME}.sql.gz" || STATUS=$?
 if [ $STATUS -ne 0 ]; then
diff --git a/local.env.dist b/local.env.dist
index 61d76ff..fa51381 100644
--- a/local.env.dist
+++ b/local.env.dist
@@ -1,5 +1,5 @@
-AWS_ACCESS_KEY=
-AWS_SECRET_KEY=
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
 S3_BUCKET=
 
 # BackBlaze variables