DEV Community

Cover image for Secure your MySQL/MariaDB backups with GFS retention and encryption
William Arin
William Arin

Posted on

Secure your MySQL/MariaDB backups with GFS retention and encryption

While there are plenty of existing Docker images to backup MySQL/MariaDB databases with a rotating scheme, I needed GFS retention scheme. GFS as in Grandfather-father-son, with several backup cycles: daily, weekly, monthly, yearly.

So I created this image for my own use at first, then I published it with MIT license.

GitHub logo williarin / secure-mysql-backups

Long-term retention for secure MySQL backups

Long-term retention for secure MySQL backups

This Docker image will backup your MySQL/MariaDB databases following the Grandfather-Father-Son (GFS) retention scheme.

Features

  • GFS backups retention scheme
  • AES256 encryption/decryption
  • Single or multiple databases backups
  • Grouped or individual archives
  • Parallelized compression

GFS retention scheme

This means that you'll always have:

  • A backup for every day of the last week (6)
  • A backup for every week of the last month (4)
  • A backup for every month of the last year (12)
  • A backup for every previous year (unlimited)

For a 100MB backup, it will cost you around 2GB for the current year + 100MB for each previous year.

In SuperSafe mode, you'll have:

  • A backup for every day of the last month (28~31)
  • A backup for every week of the last year (48)
  • A backup for every previous year (unlimited)

For a 100MB backup, backups will cost you around 8GB for the current year…

Features

Swarm-ready

All configuration variables can be sourced from a file. This is ideal when deploying with Docker Swarm, as you can source your passwords from Swarm secrets.

GFS backups with 2 retention schemes

Normal GFS mode

In this mode, you'll have:

  • A backup for every day of the last week (6)
  • A backup for every week of the last month (4)
  • A backup for every month of the last year (12)
  • A backup for every previous year (unlimited)

SuperSafe mode

In SuperSafe mode, you'll have:

  • A backup for every day of the last month (28~31)
  • A backup for every week of the last year (48)
  • A backup for every previous year (unlimited)

AES256 encryption and decryption

Archives can be encrypted and decrypted with AES-256-CBC algorithm.

Single or multiple databases backups

You can either create an archive with all your databases inside, or one archive per database.

Parallelized compression

If your server has multiple CPUs, compressing the archives will use them all. You can configure the number of CPUs to be used to avoid saturating your server.

Manual backups

You can also trigger a backup manually.

Future proof

This image has been tested with multiple unit and functional tests that cover all the code.

Next steps

Learn more about how to use this image on the Github repo.

What other features would you like to see in this image?

Discussion (0)