In the world of data management, ensuring the security and integrity of your files is paramount. Creating regular snapshots of important folders not only provides a backup but also allows for easy recovery in case of data loss.
However, backup files are vulnerable to attack and, if exfiltrated, could expose sensitive information and data to attackers: thus, it is always advisable to store them securely encrypted.
In this blog post, we will explore a powerful and secure way to automate this process using a shell script and a Python utility (the underlying encryption is done with OpenSSL).
For the complete source code of the script, please refer to the GitHub Gist.
Prerequisites and Dependencies
Before diving into the script, make sure you have the following prerequisites and dependencies in place:
- zsh shell: The script is written for the zsh shell. Make sure you have it installed.
- filecrypt utility: The script uses the filecrypt utility for encryption, which is installed via the crytto Python package. You can find the filecrypt utility at the filecrypt GitHub repository.
- Python virtual environment: The script activates a Python virtual environment named crytto. Make sure you have Python installed and create the virtual environment with the crytto package installed (pip install crytto).
- common-utils repository: The script references the common-utils repository. You can find it here. Make sure it is installed as described there and that the installation path (${COMMON_UTILS}) is set as the script expects (source ${COMMON_UTILS}/utils).
Understanding the Script
The provided shell script automates the process of archiving and encrypting files from specified source folders into a destination folder. Let's break down its functionality and understand how it works.
Script Overview
The script starts by defining a usage function, which explains how to invoke the script, including the available options and arguments. It then defines a check_mount function to verify that the destination folder is properly mounted.
Validation Process
The validate function ensures that the necessary tools and variables are in place. Let's go through the validation checks in detail:
- Checking filecrypt: The function verifies that the filecrypt executable is present in the crytto virtual environment.
- Validating source and destination paths: It checks that at least one source folder is specified and ensures the destination path has no file extension.
- Checking destination file existence: If the destination file ${DEST}.tar.gz.enc already exists, it prompts for confirmation to overwrite, unless non-interactive mode (the -n option) is enabled, in which case it aborts.
Script Execution
The script processes its options using the getopts command. It checks for the -n option to enable non-interactive mode. After processing the options, the script expects two mandatory arguments: DEST (the destination folder) and SOURCES (the source folders to be archived and encrypted).
Once validation succeeds, the script creates a temporary plaintext tarball of the specified source folders. It then encrypts the tarball using the filecrypt utility and moves the encrypted file to the specified destination.
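The validation and execution steps described above, as an added POSIX sh example that is not the post's own snapshot.sh (which targets zsh and the common-utils helpers). It assumes the encryption command is named by a FILECRYPT variable (default filecrypt, invoked as filecrypt -o OUT IN), that NONINTERACTIVE=1 stands in for the -n option, and that REQUIRE_MOUNT=1 turns on the mount-point check; the mount check compares the filesystem df -P reports for the destination directory against that of its parent.

```shell
#!/bin/sh
# Added example, not the post's snapshot.sh: validate, check the mount, tar
# the sources in a temp dir, encrypt, and move only the ciphertext into place.
# Assumed knobs: FILECRYPT (encryption command), NONINTERACTIVE (-n mode),
# REQUIRE_MOUNT (enforce that the destination directory is a mount point).

FILECRYPT=${FILECRYPT:-filecrypt}
NONINTERACTIVE=${NONINTERACTIVE:-0}
REQUIRE_MOUNT=${REQUIRE_MOUNT:-0}

msg() { printf '%s\n' "$*" >&2; }

# check_mount DIR: DIR must exist and be writable. With REQUIRE_MOUNT=1 it must
# also be a mount point, i.e. df -P names a different filesystem than its parent.
check_mount() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || { msg "destination $dir missing or not writable"; return 1; }
    [ "$REQUIRE_MOUNT" = 1 ] || return 0
    fs_dir=$(df -P "$dir" | awk 'NR==2 {print $1}')
    fs_parent=$(df -P "$dir/.." | awk 'NR==2 {print $1}')
    [ "$fs_dir" != "$fs_parent" ] || { msg "$dir is not a mount point"; return 1; }
}

# validate DEST SOURCE...: the checks the post lists, in order.
validate() {
    dest=$1; shift
    command -v "$FILECRYPT" >/dev/null 2>&1 || { msg "$FILECRYPT not found"; return 1; }
    [ $# -ge 1 ] || { msg "at least one source folder is required"; return 1; }
    case $(basename "$dest") in
        *.*) msg "destination must not carry a file extension"; return 1 ;;
    esac
    check_mount "$(dirname "$dest")" || return 1
    if [ -e "$dest.tar.gz.enc" ]; then
        if [ "$NONINTERACTIVE" = 1 ]; then
            msg "$dest.tar.gz.enc exists; aborting (non-interactive mode)"; return 1
        fi
        printf 'Overwrite %s? [y/N] ' "$dest.tar.gz.enc" >&2
        read -r answer
        [ "$answer" = y ] || [ "$answer" = Y ] || return 1
    fi
    for src; do
        [ -d "$src" ] || { msg "source $src is not a directory"; return 1; }
    done
}

# snapshot DEST SOURCE...: plaintext tarball lives only inside a private temp
# dir; only the encrypted file is moved to DEST.tar.gz.enc.
snapshot() {
    dest=$1; shift
    validate "$dest" "$@" || return 1
    tmpdir=$(mktemp -d) || return 1
    tarball=$tmpdir/$(basename "$dest").tar.gz
    tar -czf "$tarball" "$@" || { rm -rf "$tmpdir"; return 1; }
    msg "Encrypting $tarball to $tarball.enc"
    "$FILECRYPT" -o "$tarball.enc" "$tarball" || { rm -rf "$tmpdir"; return 1; }
    mv "$tarball.enc" "$dest.tar.gz.enc" || { rm -rf "$tmpdir"; return 1; }
    rm -rf "$tmpdir"
    msg "Snapshot written to $dest.tar.gz.enc"
}

# main [-n] DEST SOURCE...: option parsing with getopts, as in the post.
main() {
    while getopts n opt; do
        case $opt in
            n) NONINTERACTIVE=1 ;;
            *) msg "usage: $0 [-n] DEST SOURCE..."; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ $# -ge 2 ] || { msg "usage: $0 [-n] DEST SOURCE..."; return 2; }
    snapshot "$@"
}

# To use this file as a script, append:  main "$@"
```

Every failure path removes the temp directory, so a failed encryption never leaves a plaintext tarball behind; the extension check runs before the existence check so that a destination given as backup.tar.gz is rejected rather than silently producing backup.tar.gz.tar.gz.enc.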
Encryption with filecrypt
The following lines show how the filecrypt utility is invoked for encryption:
msg "Encrypting ${TARBALL} to ${TARBALL}.enc"
filecrypt -o ${TARBALL}.enc ${TARBALL}
Here, ${TARBALL} is the plaintext tarball, and filecrypt encrypts it, producing the encrypted file ${TARBALL}.enc.
Use filecrypt -h for a full list of available options (including how to decrypt the archive to restore the data).
Usage Examples
Here are some usage examples of the script:
- Interactive Mode:
./snapshot.sh /path/to/destination /path/to/source1 /path/to/source2
In this mode, the script prompts for confirmation if the destination file already exists.
- Non-Interactive Mode:
./snapshot.sh -n /path/to/destination /path/to/source1 /path/to/source2
In this mode, the script aborts if the destination file already exists.
Conclusion
Automating the process of archiving and encrypting files is crucial for data security and management. This shell script simplifies the task, allowing you to create encrypted snapshots of your important data with ease. By understanding its functionality and usage, you can incorporate it into your backup strategy and keep your valuable files safe. For more details and the complete source code, please refer to the GitHub repository.