Commit

update documentation and the list of contributors
orgrim committed Dec 26, 2023
1 parent 572bbbc commit 5f0ba97
Showing 3 changed files with 26 additions and 10 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,15 @@
# Changelog

## pg_back 2.2.0

* Support compression in plain format
* Add option to skip loading config file
* Harden file permissions of output files
* Add Dockerfile and an example docker compose config
* Add an example configuration for Kubernetes
* Support AGE public keys for encryption
* Fix inclusion and excusion lists parsing in per db configs

## pg_back 2.1.1

* Fix exec path expansion when binDir is set
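Review bot: the last added entry under pg_back 2.2.0 misspells "exclusion" as "excusion" ("Fix inclusion and excusion lists parsing in per db configs"); correct it before this becomes the release notes. The entry "Support AGE public keys for encryption" writes the tool name in capitals while the README text in this same commit writes `age`; pick one spelling. "Harden file permissions of output files" would also serve operators better if it said what the resulting permissions are, since anyone restoring or shipping backups under a different account needs to know.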
1 change: 1 addition & 0 deletions CONTRIBUTORS
Expand Up @@ -14,3 +14,4 @@ Thibaud Walkowiak
Gounick
Massimo Lusetti
Kenny Root
Pierrick @pgpie
25 changes: 15 additions & 10 deletions README.md
Expand Up @@ -143,22 +143,27 @@ post backup hook is executed when present.

All the files procuded by a run of pg_back can be encrypted using age
(<https://age-encryption.org/> an easy to use tool that does authenticated
encryption of files). To keep things simple, encryption is done using a
passphrase. To encrypt files, use the `--encrypt` option along with the
`--cipher-pass` option or `PGBK_CIPHER_PASS` environment variable to specify the
passphrase. When `encrypt` is set to true in the configuration file, the
encryption of files). Encryption can be done with a passphrase or a key pair.

To encrypt files with a passphrase, use the `--encrypt` option along with the
`--cipher-pass` option or `PGBK_CIPHER_PASS` environment variable to specify
the passphrase. When `encrypt` is set to true in the configuration file, the
`--no-encrypt` option allows to disable encryption on the command line. By
default, unencrypted source files are removed when they are successfully
encrypted. Use the `--encrypt-keep-src` option to keep them or
`--no-encrypt-keep-src` to force remove them and override the configuration
file. If required, checksum of encrypted files are computed.

Encrypted files can be decrypted with the correct passphrase and the
`--decrypt` option. When `--decrypt` is present on the command line, dumps are
not performed, instead files are decrypted. Files can also be decrypted with
the `age` tool, independently. Decryption of multiple files can be parallelized
with the `-j` option. Arguments on the commandline (database names when
dumping) are used as shell globs to choose which files to decrypt.
When using keys, use `--cipher-public-key` to encrypt and
`--cipher-private-key` to decrypt. The value are passed as strings in Bech32
encoding. The easiest way to create them is to use the `age` tool.

Encrypted files can be decrypted with the correct passphrase or the private key
and the `--decrypt` option. When `--decrypt` is present on the command line,
dumps are not performed, instead files are decrypted. Files can also be
decrypted with the `age` tool, independently. Decryption of multiple files can
be parallelized with the `-j` option. Arguments on the commandline (database
names when dumping) are used as shell globs to choose which files to decrypt.

**Please note** that files are written on disk unencrypted in the backup directory,
before encryption and deleted after the encryption operation is complete. This
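Review bot: the new key-pair paragraph documents `--cipher-private-key` only as a string on the command line, with no counterpart to the `PGBK_CIPHER_PASS` environment variable that the passphrase paragraph offers; command-line arguments are visible in process listings and shell history, so the text should say how the private key can be supplied without putting it on the command line, or state plainly that it cannot. In the same paragraph, "The value are passed" should read "The values are passed", and key pairs are generated with `age-keygen`, which ships with age, so name that command rather than "the `age` tool". The context line "All the files procuded by a run of pg_back" still carries the typo "procuded", which is worth fixing while this section is being edited.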