commit 9b21dce21ccc31d031bcf79f5c2c6a66afdf4760
Author: vincent <vincent@ducamps.win>
Date:   Wed Nov 1 17:50:47 2023 +0100

    init container

diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..ffd56cd
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,24 @@
+---
+kind: pipeline
+name: build and publish
+steps:
+  - name: docker
+    image: plugins/docker
+    settings:
+      repo: ducampsv/docker-vault-backup
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+---
+kind: secret
+name: docker_username
+get:
+  path: secrets/data/droneci/dockerHub
+  name: username
+---
+kind: secret
+name: docker_password
+get:
+  path: secrets/data/droneci/dockerHub
+  name: password
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a21c056
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM vault:1.13.3
+COPY vault-backup.sh /
+CMD ./vault-backup.sh
+VOLUME /backup
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..d33e4d1
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,12 @@
+# docker-vault-backup
+
+perform a backup of vault raft base
+
+## ENV variable
+
+- VAULT_APPROLEID
+- VAULT_SECRETID
+
+## mount
+
+mount your backup location on /backup
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..25b774c
--- /dev/null
+++ b/makefile
@@ -0,0 +1,7 @@
+
+DOCKER_ORGANIZATION := ducampsv
+DOCKER_IMAGE:= docker-backup-postgres
+
+
+build:
+	docker buildx build . -t $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE)
diff --git a/vault-backup.sh b/vault-backup.sh
new file mode 100755
index 0000000..7544423
--- /dev/null
+++ b/vault-backup.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+export PATH_SNAPSHOT="/backup"
+export PATH_DIR="daily"
+export PATH_BACKUP=$PATH_SNAPSHOT"/"$PATH_DIR
+export VAULT_ADDR="http://active.vault.service.consul:8200"
+export RETENTION=30
+export ENV="0"    # (0 = staging, 1 = production)
+export SNAPSHOT_FILE=$(date +%Y-%m-%d)
+
+
+create_snapshot_folder(){
+  mkdir -p $PATH_BACKUP
+}
+
+run_snapshot() {
+  export VAULT_TOKEN=$(/bin/vault write -field=token auth/approle/login role_id=$VAULT_APPROLEID secret_id=$VAULT_SECRETID)
+  /bin/vault operator raft snapshot save $PATH_BACKUP/$SNAPSHOT_FILE.snap
+}
+
+retention() {
+find $PATH_BACKUP -name "*.snap" -mtime +${RETENTION} -print -exec rm {} \;
+}
+
+main() {
+  create_snapshot_folder
+  run_snapshot
+  retention
+}
+
+### START HERE ###
+main $@