bakery-ia/scripts/encrypted-backup.sh

#!/usr/bin/env bash

# Encrypted PostgreSQL Backup Script
# Creates GPG-encrypted backups of all databases

set -e

BACKUP_DIR="${BACKUP_DIR:-/backups}"
BACKUP_DATE=$(date +%Y%m%d-%H%M%S)
GPG_RECIPIENT="${GPG_RECIPIENT:-backup@bakery-ia.com}"
NAMESPACE="${NAMESPACE:-bakery-ia}"

# Database list
DATABASES=(
  "auth-db"
  "tenant-db"
  "training-db"
  "forecasting-db"
  "sales-db"
  "external-db"
  "notification-db"
  "inventory-db"
  "recipes-db"
  "suppliers-db"
  "pos-db"
  "orders-db"
  "production-db"
  "alert-processor-db"
)

echo "Starting encrypted backup process..."
echo "Backup date: $BACKUP_DATE"
echo "Backup directory: $BACKUP_DIR"
echo "Namespace: $NAMESPACE"
echo ""

# Create backup directory if it doesn't exist
mkdir -p "$BACKUP_DIR"

for db in "${DATABASES[@]}"; do
  echo "Backing up $db..."

  # Get pod name
  POD=$(kubectl get pods -n "$NAMESPACE" -l "app.kubernetes.io/name=$db" -o jsonpath='{.items[0].metadata.name}')

  if [ -z "$POD" ]; then
    echo "  ⚠️  Warning: Pod not found for $db, skipping"
    continue
  fi

  # Extract database name from environment
  DB_NAME=$(kubectl exec -n "$NAMESPACE" "$POD" -- sh -c 'echo $POSTGRES_DB')
  DB_USER=$(kubectl exec -n "$NAMESPACE" "$POD" -- sh -c 'echo $POSTGRES_USER')

  # Create backup file name
  BACKUP_FILE="$BACKUP_DIR/${db}_${DB_NAME}_${BACKUP_DATE}.sql.gz.gpg"

  # Perform backup with pg_dump, compress with gzip, encrypt with GPG
  kubectl exec -n "$NAMESPACE" "$POD" -- \
    sh -c "pg_dump -U $DB_USER -d $DB_NAME" | \
    gzip | \
    gpg --encrypt --recipient "$GPG_RECIPIENT" --trust-model always > "$BACKUP_FILE"

  # Get file size
  SIZE=$(du -h "$BACKUP_FILE" | cut -f1)

  echo "  ✓ Backup complete: $BACKUP_FILE ($SIZE)"
done

echo ""
echo "===================="
echo "✓ Backup process completed!"
echo ""
echo "Total backups created: ${#DATABASES[@]}"
echo "Backup location: $BACKUP_DIR"
echo "Backup date: $BACKUP_DATE"
echo ""
echo "To decrypt a backup:"
echo "  gpg --decrypt backup_file.sql.gz.gpg | gunzip > backup.sql"
echo ""
echo "To restore a backup:"
echo "  gpg --decrypt backup_file.sql.gz.gpg | gunzip | psql -U user -d database"
Initial commit - production deployment 2026-01-21 17:17:16 +01:00			`#!/usr/bin/env bash`

			`# Encrypted PostgreSQL Backup Script`
			`# Creates GPG-encrypted backups of all databases`

			`set -e`

			`BACKUP_DIR="${BACKUP_DIR:-/backups}"`
			`BACKUP_DATE=$(date +%Y%m%d-%H%M%S)`
			`GPG_RECIPIENT="${GPG_RECIPIENT:-backup@bakery-ia.com}"`
			`NAMESPACE="${NAMESPACE:-bakery-ia}"`

			`# Database list`
			`DATABASES=(`
			`"auth-db"`
			`"tenant-db"`
			`"training-db"`
			`"forecasting-db"`
			`"sales-db"`
			`"external-db"`
			`"notification-db"`
			`"inventory-db"`
			`"recipes-db"`
			`"suppliers-db"`
			`"pos-db"`
			`"orders-db"`
			`"production-db"`
			`"alert-processor-db"`
			`)`

			`echo "Starting encrypted backup process..."`
			`echo "Backup date: $BACKUP_DATE"`
			`echo "Backup directory: $BACKUP_DIR"`
			`echo "Namespace: $NAMESPACE"`
			`echo ""`

			`# Create backup directory if it doesn't exist`
			`mkdir -p "$BACKUP_DIR"`

			`for db in "${DATABASES[@]}"; do`
			`echo "Backing up $db..."`

			`# Get pod name`
			`POD=$(kubectl get pods -n "$NAMESPACE" -l "app.kubernetes.io/name=$db" -o jsonpath='{.items[0].metadata.name}')`

			`if [ -z "$POD" ]; then`
			`echo " ⚠️ Warning: Pod not found for $db, skipping"`
			`continue`
			`fi`

			`# Extract database name from environment`
			`DB_NAME=$(kubectl exec -n "$NAMESPACE" "$POD" -- sh -c 'echo $POSTGRES_DB')`
			`DB_USER=$(kubectl exec -n "$NAMESPACE" "$POD" -- sh -c 'echo $POSTGRES_USER')`

			`# Create backup file name`
			`BACKUP_FILE="$BACKUP_DIR/${db}_${DB_NAME}_${BACKUP_DATE}.sql.gz.gpg"`

			`# Perform backup with pg_dump, compress with gzip, encrypt with GPG`
			`kubectl exec -n "$NAMESPACE" "$POD" -- \`
			`sh -c "pg_dump -U $DB_USER -d $DB_NAME" \| \`
			`gzip \| \`
			`gpg --encrypt --recipient "$GPG_RECIPIENT" --trust-model always > "$BACKUP_FILE"`

			`# Get file size`
			`SIZE=$(du -h "$BACKUP_FILE" \| cut -f1)`

			`echo " ✓ Backup complete: $BACKUP_FILE ($SIZE)"`
			`done`

			`echo ""`
			`echo "===================="`
			`echo "✓ Backup process completed!"`
			`echo ""`
			`echo "Total backups created: ${#DATABASES[@]}"`
			`echo "Backup location: $BACKUP_DIR"`
			`echo "Backup date: $BACKUP_DATE"`
			`echo ""`
			`echo "To decrypt a backup:"`
			`echo " gpg --decrypt backup_file.sql.gz.gpg \| gunzip > backup.sql"`
			`echo ""`
			`echo "To restore a backup:"`
			`echo " gpg --decrypt backup_file.sql.gz.gpg \| gunzip \| psql -U user -d database"`