sil-org · briskt · Nov 24, 2025 · Nov 24, 2025
diff --git a/README.md b/README.md
@@ -24,9 +24,13 @@ Service to backup and/or restore a PostgreSQL database to/from S3
 
 `DB_USER` user that accesses the database (PostgreSQL "role")
 
-`AWS_ACCESS_KEY` used for S3 interactions
+`AWS_ACCESS_KEY_ID` used for S3 interactions
 
-`AWS_SECRET_KEY` used for S3 interactions
+`AWS_SECRET_ACCESS_KEY` used for S3 interactions
+
+`AWS_ACCESS_KEY` used for S3 interactions (Deprecated)
+
+`AWS_SECRET_KEY` used for S3 interactions (Deprecated)
 
 `S3_BUCKET` e.g., _s3://database-backups_ **NOTE: no trailing slash**
 

diff --git a/application/backup.sh b/application/backup.sh
@@ -10,7 +10,7 @@ log() {
 # Function to remove sensitive values from sentry Event
 filter_sensitive_values() {
     local msg="$1"
-    for var in AWS_ACCESS_KEY AWS_SECRET_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
+    for var in AWS_ACCESS_KEY AWS_SECRET_KEY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
         val="${!var}"
         if [ -n "$val" ]; then
             msg="${msg//$val/[FILTERED]}"
@@ -63,6 +63,10 @@ start=$(date +%s);
 $(PGPASSWORD=${DB_USERPASSWORD} pg_dump --host=${DB_HOST} --username=${DB_USER} --create --clean ${DB_OPTIONS} --dbname=${DB_NAME} > /tmp/${DB_NAME}.sql) || STATUS=$?;
 end=$(date +%s);
 
+# maintain backward compatibility with key variables accepted by s3cmd
+export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY}"
+export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_KEY}"
+
 if [ $STATUS -ne 0 ]; then
     error_message="${MYNAME}: FATAL: Backup of ${DB_NAME} returned non-zero status ($STATUS) in $(expr ${end} - ${start}) seconds.";
     log "ERROR" "${error_message}";

diff --git a/application/restore.sh b/application/restore.sh
@@ -9,7 +9,7 @@ log() {
 
 filter_sensitive_values() {
     local msg="$1"
-    for var in AWS_ACCESS_KEY AWS_SECRET_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
+    for var in AWS_ACCESS_KEY AWS_SECRET_KEY AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
         val="${!var}"
         if [ -n "$val" ]; then
             msg="${msg//$val/[FILTERED]}"
@@ -94,6 +94,10 @@ fi
 log "INFO" "${MYNAME}: copying database ${DB_NAME} backup and checksum from ${S3_BUCKET}"
 start=$(date +%s)
 
+# maintain backward compatibility with key variables accepted by s3cmd
+export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY}"
+export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_KEY}"
+
 # Download database backup
 aws s3 cp "${S3_BUCKET}/${DB_NAME}.sql.gz" "/tmp/${DB_NAME}.sql.gz" || STATUS=$?
 if [ $STATUS -ne 0 ]; then

diff --git a/local.env.dist b/local.env.dist
@@ -1,5 +1,5 @@
-AWS_ACCESS_KEY=
-AWS_SECRET_KEY=
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
 S3_BUCKET=
 
 # BackBlaze variables