Aerospike Backup (asbackup)
Asbackup is Aerospike’s tool for backing up and restoring namespaces in an Aerospike database. We have just added the ability to compress and encrypt backup files as they are being made. The method used operates on the data before it is written to the file, so even if a backup job is aborted before finishing, you will never have unencrypted data on disk.
For technical documentation on these features, see the docs.
How to: Compression
The compression algorithm used by asbackup is zstd. To run the backup tool with compression, use the --compress option followed by the compression algorithm to be used. As of right now, the only available compression algorithm is zstd.
To back up all records in the namespace test into a directory test_dir and compress the backup files, run:
$ asbackup --namespace test --directory test_dir --compress zstd
And then, to restore the whole namespace, run asrestore with the same arguments.
$ asrestore --namespace test --directory test_dir --compress zstd
Note: --compress zstd must be passed to asrestore. Backup files do not record whether they have been encrypted or compressed, so you have to tell asrestore what format to expect the files in.
How to: Encryption
The encryption algorithms used by asbackup are AES 128/AES 256 in Counter (CTR) Mode. To run the backup tool with encryption, use the --encrypt option followed by the encryption algorithm to be used, either aes128 or aes256.
Encryption must always be accompanied by a private key, which can be supplied in a file in PEM format, or in base-64 encoding in an environment variable.
The size of the private key used does not matter: the SHA-256 hash of the key is taken and used as the private key by AES 128/AES 256.
Encryption with a private key file
To run a backup with AES 128 encryption and private key stored at /opt/private_key.pem, run:
$ asbackup --namespace test --directory test_dir --encrypt aes128 --encryption-key-file /opt/private_key.pem
And to restore from the encrypted backup files, run:
$ asrestore --namespace test --directory test_dir --encrypt aes128 --encryption-key-file /opt/private_key.pem
Encryption with a private key environment variable
If you want to run a backup with AES 128 encryption, and you have the private key stored in an environment variable (say it’s named AS_PRIVATE_KEY), run:
$ asbackup --namespace test --directory test_dir --encrypt aes128 --encryption-key-env AS_PRIVATE_KEY
And to restore from the encrypted backup files, run:
$ asrestore --namespace test --directory test_dir --encrypt aes128 --encryption-key-env AS_PRIVATE_KEY
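Because backup files carry no record of how they were written, the format options have to be tracked outside them. The following shell helper is an added example, not part of asbackup or the original post: it stores the options in a sidecar file next to the backup directory and rebuilds the matching asrestore arguments. The names write_manifest and restore_args and the .opts file are hypothetical, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not part of asbackup).
# The manifest records option names and where the key lives, never the key.
# Assumes directory and key paths contain no whitespace.

# write_manifest DIR COMPRESS ENCRYPT KEYKIND KEYREF
#   COMPRESS: zstd|none   ENCRYPT: aes128|aes256|none
#   KEYKIND:  file|env|none   KEYREF: PEM path or environment variable name
write_manifest() {
    case $2 in zstd|none) ;; *) echo "bad compress: $2" >&2; return 1 ;; esac
    case $3 in aes128|aes256|none) ;; *) echo "bad encrypt: $3" >&2; return 1 ;; esac
    case $4 in file|env|none) ;; *) echo "bad key kind: $4" >&2; return 1 ;; esac
    if [ "$3" != none ] && { [ "$4" = none ] || [ -z "$5" ]; }; then
        echo "encryption requires a key file or key variable" >&2; return 1
    fi
    # Sidecar sits beside the backup directory, readable by the owner only.
    ( umask 077; printf '%s\n%s\n%s\n%s\n' "$2" "$3" "$4" "$5" > "$1.opts" )
}

# restore_args NAMESPACE DIR -> prints the asrestore arguments for DIR
restore_args() {
    [ -r "$2.opts" ] || { echo "no manifest for $2" >&2; return 1; }
    { read -r m_compress; read -r m_encrypt
      read -r m_keykind; read -r m_keyref; } < "$2.opts"
    m_args="--namespace $1 --directory $2"
    [ "$m_compress" = none ] || m_args="$m_args --compress $m_compress"
    if [ "$m_encrypt" != none ]; then
        m_args="$m_args --encrypt $m_encrypt"
        case $m_keykind in
            file) m_args="$m_args --encryption-key-file $m_keyref" ;;
            env)  m_args="$m_args --encryption-key-env $m_keyref" ;;
        esac
    fi
    printf '%s\n' "$m_args"
}

# Usage after a backup made with
# "--compress zstd --encrypt aes128 --encryption-key-env AS_PRIVATE_KEY":
#   write_manifest test_dir zstd aes128 env AS_PRIVATE_KEY
#   asrestore $(restore_args test test_dir)
```

Recording only the key's file path or variable name keeps key material out of the manifest, so the sidecar can travel with the backup without weakening the encryption.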