init container

.drone.yml

@@ -0,0 +1,24 @@
+---
+kind: pipeline
+name: build and publish
+steps:
+  - name: docker
+    image: plugins/docker
+    settings:
+      repo: ducampsv/docker-vault-backup
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+---
+kind: secret
+name: docker_username
+get:
+  path: secrets/data/droneci/dockerHub
+  name: username
+---
+kind: secret
+name: docker_password
+get:
+  path: secrets/data/droneci/dockerHub
+  name: password

Dockerfile

@@ -0,0 +1,4 @@
+FROM vault:1.13.3
+COPY vault-backup.sh /
+CMD ./vault-backup.sh
+VOLUME /backup

Readme.md

@@ -0,0 +1,12 @@
+# docker-vault-backup
+
+perform a backup of vault raft base
+
+## ENV variable
+
+- VAULT_APPROLEID
+- VAULT_SECRETID
+
+## mount
+
+mount your backup location on /backup

makefile

@@ -0,0 +1,7 @@
+
+DOCKER_ORGANIZATION := ducampsv
+DOCKER_IMAGE:= docker-backup-postgres
+
+
+build:
+	docker buildx build . -t $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE)

vault-backup.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+export PATH_SNAPSHOT="/backup"
+export PATH_DIR="daily"
+export PATH_BACKUP=$PATH_SNAPSHOT"/"$PATH_DIR
+export VAULT_ADDR="http://active.vault.service.consul:8200"
+export RETENTION=30
+export ENV="0"    # (0 = staging, 1 = production)
+export SNAPSHOT_FILE=$(date +%Y-%m-%d)
+
+
+create_snapshot_folder(){
+  mkdir -p $PATH_BACKUP
+}
+
+run_snapshot() {
+  export VAULT_TOKEN=$(/bin/vault write -field=token auth/approle/login role_id=$VAULT_APPROLEID secret_id=$VAULT_SECRETID)
+  /bin/vault operator raft snapshot save $PATH_BACKUP/$SNAPSHOT_FILE.snap
+}
+
+retention() {
+find $PATH_BACKUP -name "*.snap" -mtime +${RETENTION} -print -exec rm {} \;
+}
+
+main() {
+  create_snapshot_folder
+  run_snapshot
+  retention
+}
+
+### START HERE ###
+main $@