Optimize storage and speed when making an encrypted backup #1825
Conversation
|
LGTM! Would you be as kind to spare a few minutes on this one @freekmurze?:) |
|
Will do to, could you rebase against |
|
@freekmurze are you asking me? If yes, I can do a PR against main, after getting this merged under v8. |
|
There are merge conflicts preventing this from being merged. You can rebase against the v8 branch. |
|
@freekmurze rebased |
|
Is there anything else that can be done to help merge this PR? I am emphasizing the issue of having unencrypted archives make it to a remote storage (i.e. s3) under specific circumstances. |
| } else { | ||
| app()->call('\Spatie\Backup\Listeners\EncryptBackupArchive@handle', ['event' => new BackupZipWasCreated($pathToZip)]); | ||
| } | ||
| $this->sendNotification(new BackupZipWasCreated($pathToZip)); |
There was a problem hiding this comment.
We should only send notifications if $this->notifications is set to true
|
|
||
| namespace Spatie\Backup\Tasks\Backup; | ||
|
|
||
| class Encryption |
There was a problem hiding this comment.
Rename this class to BackupEncryptionConfig
| return $this->encryption; | ||
| } | ||
|
|
||
| public function loadEncryption() |
There was a problem hiding this comment.
Move all of this logic to a new static method loadFromConfigFile on the BackupEncryptionClass so the Zip becomes smaller
This PR addresses two issues:
In more detail:
Using a Listener to wait for a successful creation of backup had the side effect of first creating a zip archive, unencrypted, then create the encrypted zip archive using the unencrypted one, which demanded double the available disk space, as well as more time.
Further to the above, and most concerning, is when the Listener fails to encrypt the zip file, it shows a warning about a notification failed to be sent, but it continues to store the archive on the destination disks, allowing for the unencrypted version to make it to a remote destination with possible privacy implications. A very likely scenario for this to happen, is when there is not enough disk space available for the encrypted backup to be generated, but the unencrypted one was successfully created.
This PR tackles the issue by setting the zip archive to use encryption as soon as the files are added, without the need of first making an unencrypted version on the temp folder. This also has a nice side-effect of needing the same available disk space as if no encryption was configured.
Happy to create a PR also for v9
Note: Tide-up the tests related to the encryption, as the Listener is no longer used.