Release 3.7.6 - See CHANGELOG.md

Typo correction

.github/workflows/main.yml

@@ -1,112 +1,15 @@
-### Application Level Image CI
+name: "build_image"
-### Dave Conroy <dave at tiredofit dot ca>
-
-name: 'build'
 
 on:
   push:
     paths:
-    - '**'
+      - "**"
-    - '!README.md'
+      - "!README.md"
+
 jobs:
-  docker:
+  build:
-    runs-on: ubuntu-latest
+    uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-    steps:
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64.yml@main
-      - name: Checkout
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-        uses: actions/checkout@v3
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_arm64.yml@main
-
+    secrets: inherit
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
-          set -x
-          if [[ $GITHUB_REF == refs/heads/* ]]; then
-             if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
-               BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
-             else
-               BRANCH=${GITHUB_REF#refs/heads/}
-             fi
-
-            case ${BRANCH} in
-              "main" | "master" )
-                  BRANCHTAG="${DOCKER_IMAGE}:latest"
-                ;;
-              "develop" )
-                  BRANCHTAG="${DOCKER_IMAGE}:develop"
-                ;;
-              * )
-                  if [ -n "${{ secrets.LATEST }}" ] ; then
-                    if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
-                    else
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                    fi
-                  else
-                    BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                  fi
-                ;;
-            esac
-          fi
-
-
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-               GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
-          fi
-
-          if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
-            TAGS=${BRANCHTAG},${GITTAG}
-          else
-            TAGS="${BRANCHTAG}${GITTAG}"
-          fi
-
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=docker_image::${DOCKER_IMAGE}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Label
-        id: Label
-        run: |
-          if [ -f "Dockerfile" ] ; then
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
-            if [ -f "CHANGELOG.md" ] ; then
-              sed -i "/FROM .*/a LABEL tiredofit.db-backup.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
-              mkdir -p install/assets/.changelogs ; cp CHANGELOG.md install/assets/.changelogs/${GITHUB_REPOSITORY/\//_}.md
-            fi
-
-
-            if [[ $GITHUB_REF == refs/tags/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
-            fi
-
-            if [[ $GITHUB_REF == refs/heads/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
-            fi
-          fi
-
-      - name: Build
-        uses: docker/build-push-action@v3
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
-          push: true
-          tags: ${{ steps.prep.outputs.tags }}

.github/workflows/manual.yml

@@ -1,6 +1,4 @@
-# Manual Workflow (Application)
+name: "manual_build_image"
-
-name: manual
 
 on:
   workflow_dispatch:
@@ -8,105 +6,11 @@ on:
       Manual Build:
         description: 'Manual Build'
         required: false
+
 jobs:
-  docker:
+  build:
-    runs-on: ubuntu-latest
+    uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-    steps:
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64.yml@main
-      - name: Checkout
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-        uses: actions/checkout@v3
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_arm64.yml@main
-
+    secrets: inherit
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
-          set -x
-          if [[ $GITHUB_REF == refs/heads/* ]]; then
-             if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
-               BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
-             else
-               BRANCH=${GITHUB_REF#refs/heads/}
-             fi
-
-            case ${BRANCH} in
-              "main" | "master" )
-                  BRANCHTAG="${DOCKER_IMAGE}:latest"
-                ;;
-              "develop" )
-                  BRANCHTAG="${DOCKER_IMAGE}:develop"
-                ;;
-              * )
-                  if [ -n "${{ secrets.LATEST }}" ] ; then
-                    if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
-                    else
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                    fi
-                  else
-                    BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                  fi
-                ;;
-            esac
-          fi
-
-
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-               GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
-          fi
-
-          if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
-            TAGS=${BRANCHTAG},${GITTAG}
-          else
-            TAGS="${BRANCHTAG}${GITTAG}"
-          fi
-
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=docker_image::${DOCKER_IMAGE}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Label
-        id: Label
-        run: |
-          if [ -f "Dockerfile" ] ; then
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
-            if [ -f "CHANGELOG.md" ] ; then
-              sed -i "/FROM .*/a LABEL tiredofit.db-backup.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
-              mkdir -p install/assets/.changelogs ; cp CHANGELOG.md install/assets/.changelogs/${GITHUB_REPOSITORY/\//_}.md
-            fi
-
-
-            if [[ $GITHUB_REF == refs/tags/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
-            fi
-
-            if [[ $GITHUB_REF == refs/heads/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
-            fi
-          fi
-
-      - name: Build
-        uses: docker/build-push-action@v3
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
-          push: true
-          tags: ${{ steps.prep.outputs.tags }}

CHANGELOG.md

@@ -1,3 +1,89 @@
+## 3.7.6 2023-03-14 <toshy@github>
+
+   ### Changed
+      - Remove EXTRA_OPT variable from MySQL/MariaDB check
+
+
+## 3.7.5 2023-03-02 <dave at tiredofit dot ca>
+
+   ### Added
+      - Add support for Docker Swarm mode Secrets for BLOBXFER_STORAGE_ACCOUNT_*_FILE
+
+
+## 3.7.4 2023-02-22 <gbe0@github>
+
+   ### Changed
+      - Fix when running in MANUAL_RUN_FOREVER mode looping
+
+
+## 3.7.3 2022-12-20 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Make S3_KEY_ID and S3_KEY_SECRET optional should IAM roles be used (Credit to alwynpan@github)
+
+
+## 3.7.2 2022-12-19 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Bugfix for 3.7.1
+
+
+## 3.7.1 2022-12-19 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Add MYSQL_ENABLE_TLS environment variable to switch on and off
+
+   ### Reverted
+      - Set default for MYSQL_TLS_CA_FILE to accomodate for most use cases
+
+
+## 3.7.0 2022-12-16 <dave at tiredofit dot ca>
+
+   ### Added
+      - Introduce support for connecting via TLS to MySQL / MariaDB Hosts with MYSQL_TLS_* variables - See README for more details
+
+   ### Changed
+      - Fix for cleaning up filesystems that are syncing to Azure via blobxfer
+
+
+## 3.6.1 2022-11-23 <dave at tiredofit dot ca>
+
+   ### Added
+      - Switch to Alpine 3.17 base
+      - Switch to OpenSSL instead of LibreSSL
+
+
+## 3.6.0 2022-11-21 <dave at tiredofit dot ca>
+
+   ### Added
+      - Postgresql 15 Support
+
+
+## 3.5.6 2022-11-15 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Add failure if DB_TYPE empty or malformed
+
+
+## 3.5.5 2022-10-18 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Fix for S3 backups and trailing slashes (@greena13)
+
+
+## 3.5.4 2022-10-13 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Fix for Influx DB 1 backups when compression enabled
+
+
+## 3.5.3 2022-10-12 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Remove build dependencies for blobxfer making image size smaller
+      - Remove silencing commands limiting Postgres backups from working without DEBUG_MODE=TRUE
+
+
 ## 3.5.2 2022-10-11 <dave at tiredofit dot ca>
 
    ### Added

Dockerfile

@@ -1,8 +1,7 @@
-FROM docker.io/tiredofit/alpine:3.16
+FROM docker.io/tiredofit/alpine:3.17
 LABEL maintainer="Dave Conroy (github.com/tiredofit)"
 
 ### Set Environment Variables
-
 ENV INFLUX2_VERSION=2.4.0 \
     MSSQL_VERSION=18.0.1.1-1 \
     CONTAINER_ENABLE_MESSAGING=FALSE \
@@ -12,7 +11,8 @@ ENV INFLUX2_VERSION=2.4.0 \
     IMAGE_REPO_URL="https://github.com/tiredofit/docker-db-backup/"
 
 ### Dependencies
-RUN set -ex && \
+RUN source /assets/functions/00-container && \
+    set -ex && \
     apk update && \
     apk upgrade && \
     apk add -t .db-backup-build-deps \
@@ -20,6 +20,10 @@ RUN set -ex && \
                bzip2-dev \
                git \
                libarchive-dev \
+               openssl-dev \
+               libffi-dev \
+               python3-dev \
+               py3-pip \
                xz-dev \
                && \
     \
@@ -31,10 +35,10 @@ RUN set -ex && \
                mariadb-client \
                mariadb-connector-c \
                mongodb-tools \
-               libressl \
+               openssl \
                pigz \
-               postgresql \
+               postgresql15 \
-               postgresql-client \
+               postgresql15-client \
                pv \
                py3-cryptography \
                redis \
@@ -69,7 +73,6 @@ RUN set -ex && \
     make && \
     make install && \
     \
-    apk add gcc build-base libressl-dev libffi-dev python3-dev py3-pip && \
     pip3 install blobxfer && \
     \
 ### Cleanup
@@ -80,4 +83,4 @@ RUN set -ex && \
     rm -rf /root/.cache /tmp/* /var/cache/apk/*
 
 ### S6 Setup
-ADD install  /
+COPY install  /

README.md

@@ -1,7 +1,7 @@
 # github.com/tiredofit/docker-db-backup
 
 [![GitHub release](https://img.shields.io/github/v/tag/tiredofit/docker-db-backup?style=flat-square)](https://github.com/tiredofit/docker-db-backup/releases/latest)
-[![Build Status](https://img.shields.io/github/workflow/status/tiredofit/docker-db-backup/build?style=flat-square)](https://github.com/tiredofit/docker-db-backup/actions?query=workflow%3Abuild)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/tiredofit/docker-db-backup/main.yml?branch=main&style=flat-square)](https://github.com/tiredofit/docker-db-backup/actions)
 [![Docker Stars](https://img.shields.io/docker/stars/tiredofit/db-backup.svg?style=flat-square&logo=docker)](https://hub.docker.com/r/tiredofit/db-backup/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/db-backup.svg?style=flat-square&logo=docker)](https://hub.docker.com/r/tiredofit/db-backup/)
 [![Become a sponsor](https://img.shields.io/badge/sponsor-tiredofit-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/tiredofit)
@@ -53,6 +53,7 @@ Currently backs up CouchDB, InfluxDB, MySQL, MongoDB, Postgres, Redis servers.
   - [Scheduling Options](#scheduling-options)
   - [Backup Options](#backup-options)
     - [Backing Up to S3 Compatible Services](#backing-up-to-s3-compatible-services)
+    - [Upload to a Azure storage account by `blobxfer`](#upload-to-a-azure-storage-account-by-blobxfer)
 - [Maintenance](#maintenance)
   - [Shell Access](#shell-access)
   - [Manual Backups](#manual-backups)
@@ -79,7 +80,13 @@ Currently backs up CouchDB, InfluxDB, MySQL, MongoDB, Postgres, Redis servers.
 Clone this repository and build the image with `docker build <arguments> (imagename) .`
 
 ### Prebuilt Images
-Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/db-backup) and is the recommended method of installation.
+Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/db-backup)
+
+Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-db-backup/pkgs/container/docker-db-backup) 
+ 
+```
+docker pull ghcr.io/tiredofit/docker-db-backup:(imagetag)
+``` 
 
 The following image tags are available along with their tagged release based on what's written in the [Changelog](CHANGELOG.md):
 
@@ -88,7 +95,7 @@ The following image tags are available along with their tagged release based on
 | latest      | `:latest` |
 
 ```bash
-docker pull tiredofit/db-backup:(imagetag)
+docker pull docker.io/tiredofdit/db-backup:(imagetag)
 ```
 #### Multi Architecture
 Images are built primarily for `amd64` architecture, and may also include builds for `arm/v7`, `arm64` and others. These variants are all unsupported. Consider [sponsoring](https://github.com/sponsors/tiredofit) my work so that I can work with various hardware. To see if this image supports multiple architecures, type `docker manifest (image):(tag)`
@@ -116,7 +123,7 @@ The following directories are used for configuration and can be mapped for persi
 
 #### Base Images used
 
-This image relies on an [Alpine Linux](https://hub.docker.com/r/tiredofit/alpine) or [Debian Linux](https://hub.docker.com/r/tiredofit/debian) base image that relies on an [init system](https://github.com/just-containers/s6-overlay) for added capabilities. Outgoing SMTP capabilities are handlded via `msmtp`. Individual container performance monitoring is performed by [zabbix-agent](https://zabbix.org). Additional tools include: `bash`,`curl`,`less`,`logrotate`, `nano`,`vim`.
+This image relies on an [Alpine Linux](https://hub.docker.com/r/tiredofit/alpine) or [Debian Linux](https://hub.docker.com/r/tiredofit/debian) base image that relies on an [init system](https://github.com/just-containers/s6-overlay) for added capabilities. Outgoing SMTP capabilities are handlded via `msmtp`. Individual container performance monitoring is performed by [zabbix-agent](https://zabbix.org). Additional tools include: `bash`,`curl`,`less`,`logrotate`, `nano`.
 
 Be sure to view the following repositories to understand all the customizable options:
 
@@ -138,18 +145,18 @@ Be sure to view the following repositories to understand all the customizable op
 | `SPLIT_DB`           | For each backup, create a new archive. `TRUE` or `FALSE` (MySQL and Postgresql Only)                                             | `TRUE`          |
 
 ### Database Specific Options
-| Parameter          | Description                                                                                                                                                                          | Default   |
+| Parameter          | Description                                                                                                                                                                          | Default |
-| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------- |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `DB_AUTH`          | (Mongo Only - Optional) Authentication Database                                                                                                                                      |           |
+| `DB_AUTH`          | (Mongo Only - Optional) Authentication Database                                                                                                                                      |         |
-| `DB_TYPE`          | Type of DB Server to backup `couch` `influx` `mysql` `pgsql` `mongo` `redis` `sqlite3`                                                                                               |           |
+| `DB_TYPE`          | Type of DB Server to backup `couch` `influx` `mysql` `pgsql` `mongo` `redis` `sqlite3`                                                                                               |         |
-| `DB_HOST`          | Server Hostname e.g. `mariadb`. For `sqlite3`, full path to DB file e.g. `/backup/db.sqlite3`                                                                                        |           |
+| `DB_HOST`          | Server Hostname e.g. `mariadb`. For `sqlite3`, full path to DB file e.g. `/backup/db.sqlite3`                                                                                        |         |
-| `DB_NAME`          | Schema Name e.g. `database` or `ALL` to backup all databases the user has access to. Backup multiple by seperating with commas eg `db1,db2`                                          |           |
+| `DB_NAME`          | Schema Name e.g. `database` or `ALL` to backup all databases the user has access to. Backup multiple by seperating with commas eg `db1,db2`                                          |         |
-| `DB_NAME_EXCLUDE`  | If using `ALL` - use this as to exclude databases seperated via commas from being backed up                                                                                          |           |
+| `DB_NAME_EXCLUDE`  | If using `ALL` - use this as to exclude databases seperated via commas from being backed up                                                                                          |         |
-| `DB_USER`          | username for the database(s) - Can use `root` for MySQL                                                                                                                              |           |
+| `DB_USER`          | username for the database(s) - Can use `root` for MySQL                                                                                                                              |         |
-| `DB_PASS`          | (optional if DB doesn't require it) password for the database                                                                                                                        |           |
+| `DB_PASS`          | (optional if DB doesn't require it) password for the database                                                                                                                        |         |
-| `DB_PORT`          | (optional) Set port to connect to DB_HOST. Defaults are provided                                                                                                                     | varies    |
+| `DB_PORT`          | (optional) Set port to connect to DB_HOST. Defaults are provided                                                                                                                     | varies  |
-| `INFLUX_VERSION`   | What Version of Influx are you backing up from `1`.x or `2` series - AMD64 and ARM64 only for `2`                                                                                    |           |
+| `INFLUX_VERSION`   | What Version of Influx are you backing up from `1`.x or `2` series - AMD64 and ARM64 only for `2`                                                                                    |         |
-| `MONGO_CUSTOM_URI` | If you wish to override the MongoDB Connection string enter it here e.g. `mongodb+srv://username:password@cluster.id.mongodb.net`                                                    |           |
+| `MONGO_CUSTOM_URI` | If you wish to override the MongoDB Connection string enter it here e.g. `mongodb+srv://username:password@cluster.id.mongodb.net`                                                    |         |
 |                    | This environment variable will be parsed and populate the `DB_NAME` and `DB_HOST` variables to properly build your backup filenames. You can overrde them by making your own entries |
 
 #### For Influx DB2:
@@ -169,19 +176,25 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
 - You may need to wrap your `DB_DUMP_BEGIN` value in quotes for it to properly parse. There have been reports of backups that start with a `0` get converted into a different format which will not allow the timer to start at the correct time.
 
 ### Backup Options
-| Parameter                      | Description                                                                                                                  | Default        |
+| Parameter                      | Description                                                                                                                           | Default                   |
-| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | -------------- |
+| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
-| `COMPRESSION`                  | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE`                                                      | `ZSTD`         |
+| `COMPRESSION`                  | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE`                                                               | `ZSTD`                    |
-| `COMPRESSION_LEVEL`            | Numberical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` - | `3`            |
+| `COMPRESSION_LEVEL`            | Numberical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` -          | `3`                       |
-| `ENABLE_PARALLEL_COMPRESSION`  | Use multiple cores when compressing backups `TRUE` or `FALSE`                                                                | `TRUE`         |
+| `ENABLE_PARALLEL_COMPRESSION`  | Use multiple cores when compressing backups `TRUE` or `FALSE`                                                                         | `TRUE`                    |
-| `PARALLEL_COMPRESSION_THREADS` | Maximum amount of threads to use when compressing - Integer value e.g. `8`                                                   | `autodetected` |
+| `PARALLEL_COMPRESSION_THREADS` | Maximum amount of threads to use when compressing - Integer value e.g. `8`                                                            | `autodetected`            |
-| `GZ_RSYNCABLE`                 | Use `--rsyncable` (gzip only) for faster rsync transfers and incremental backup deduplication. e.g. `TRUE`                   | `FALSE`        |
+| `GZ_RSYNCABLE`                 | Use `--rsyncable` (gzip only) for faster rsync transfers and incremental backup deduplication. e.g. `TRUE`                            | `FALSE`                   |
-| `ENABLE_CHECKSUM`              | Generate either a MD5 or SHA1 in Directory, `TRUE` or `FALSE`                                                                | `TRUE`         |
+| `ENABLE_CHECKSUM`              | Generate either a MD5 or SHA1 in Directory, `TRUE` or `FALSE`                                                                         | `TRUE`                    |
-| `CHECKSUM`                     | Either `MD5` or `SHA1`                                                                                                       | `MD5`          |
+| `CHECKSUM`                     | Either `MD5` or `SHA1`                                                                                                                | `MD5`                     |
-| `EXTRA_OPTS`                   | If you need to pass extra arguments to the backup command, add them here e.g. `--extra-command`                              |                |
+| `EXTRA_OPTS`                   | If you need to pass extra arguments to the backup command, add them here e.g. `--extra-command`                                       |                           |
-| `MYSQL_MAX_ALLOWED_PACKET`     | Max allowed packet if backing up MySQL / MariaDB                                                                             | `512M`         |
+| `MYSQL_MAX_ALLOWED_PACKET`     | Max allowed packet if backing up MySQL / MariaDB                                                                                      | `512M`                    |
-| `MYSQL_SINGLE_TRANSACTION`     | Backup in a single transaction with MySQL / MariaDB                                                                          | `TRUE`         |
+| `MYSQL_SINGLE_TRANSACTION`     | Backup in a single transaction with MySQL / MariaDB                                                                                   | `TRUE`                    |
-| `MYSQL_STORED_PROCEDURES`      | Backup stored procedures with MySQL / MariaDB                                                                                | `TRUE`         |
+| `MYSQL_STORED_PROCEDURES`      | Backup stored procedures with MySQL / MariaDB                                                                                         | `TRUE`                    |
+| `MYSQL_ENABLE_TLS`             | Enable TLS functionality for MySQL client                                                                                             | `FALSE`                   |
+| `MYSQL_TLS_VERIFY`             | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host                                                        | `FALSE`                   |
+| `MYSQL_TLS_VERSION`            | What TLS `v1.1` `v1.2` `v1.3` version to utilize                                                                                      | `TLSv1.1,TLSv1.2,TLSv1.3` |
+| `MYSQL_TLS_CA_FILE`            | Filename to load custom CA certificate for connecting via TLS  | `/etc/ssl/cert.pem`                          |
+| `MYSQL_TLS_CERT_FILE`          | Filename to load client certificate for connecting via TLS                                                                            |                           |
+| `MYSQL_TLS_KEY_FILE`           | Filename to load client key for connecting via TLS                                                                                    |                           |
 
 - When using compression with MongoDB, only `GZ` compression is possible.
 
@@ -190,11 +203,11 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
 If `BACKUP_LOCATION` = `S3` then the following options are used.
 
 | Parameter             | Description                                                                               | Default |
-|-----------------------|-------------------------------------------------------------------------------------------|---------|
+| --------------------- | ----------------------------------------------------------------------------------------- | ------- |
 | `S3_BUCKET`           | S3 Bucket name e.g. `mybucket`                                                            |         |
-| `S3_KEY_ID`           | S3 Key ID                                                                                 |         |
+| `S3_KEY_ID`           | S3 Key ID (Optional)                                                                      |         |
-| `S3_KEY_SECRET`       | S3 Key Secret                                                                             |         |
+| `S3_KEY_SECRET`       | S3 Key Secret (Optional)                                                                  |         |
-| `S3_PATH`             | S3 Pathname to save to (must end in a trailing slash e.g. '`backup/`')                    |         |
+| `S3_PATH`             | S3 Pathname to save to (must NOT end in a trailing slash e.g. '`backup`')                 |         |
 | `S3_REGION`           | Define region in which bucket is defined. Example: `ap-northeast-2`                       |         |
 | `S3_HOST`             | Hostname (and port) of S3-compatible service, e.g. `minio:8080`. Defaults to AWS.         |         |
 | `S3_PROTOCOL`         | Protocol to connect to `S3_HOST`. Either `http` or `https`. Defaults to `https`.          | `https` |
@@ -203,6 +216,8 @@ If `BACKUP_LOCATION` = `S3` then the following options are used.
 | _*OR*_                |                                                                                           |         |
 | `S3_CERT_SKIP_VERIFY` | Skip verifying self signed certificates when connecting                                   | `TRUE`  |
 
+- When `S3_KEY_ID` and/or `S3_KEY_SECRET` is not set, will try to use IAM role assigned (if any) for uploading the backup files to S3 bucket.
+
 #### Upload to a Azure storage account by `blobxfer`
 
 Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer) to the Azure fileshare storage.
@@ -210,13 +225,13 @@ Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer
 
 If `BACKUP_LOCATION` = `blobxfer` then the following options are used.
 
-| Parameter                       | Description                                                              | Default              |
+| Parameter                      | Description                                 | Default             |
-| ------------------------------- | ------------------------------------------------------------------------ | -------------------- |
+| ------------------------------ | ------------------------------------------- | ------------------- |
-| `BLOBXFER_STORAGE_ACCOUNT`      | Microsoft Azure Cloud storage account name.                              |                      |
+| `BLOBXFER_STORAGE_ACCOUNT`     | Microsoft Azure Cloud storage account name. |                     |
-| `BLOBXFER_STORAGE_ACCOUNT_KEY`  | Microsoft Azure Cloud storage account key.                               |                      |
+| `BLOBXFER_STORAGE_ACCOUNT_KEY` | Microsoft Azure Cloud storage account key.  |                     |
-| `BLOBXFER_REMOTE_PATH`          | Remote Azure path                                                        | `/docker-db-backup`  |
+| `BLOBXFER_REMOTE_PATH`         | Remote Azure path                           | `/docker-db-backup` |
 
-> This service uploads files from backup targed directory `DB_DUMP_TARGET`. 
+> This service uploads files from backup targed directory `DB_DUMP_TARGET`.
 > If the a cleanup configuration in `DB_CLEANUP_TIME` is defined, the remote directory on Azure storage will also be cleaned automatically.
 
 ## Maintenance
@@ -231,7 +246,7 @@ docker exec -it (whatever your container name is) bash
 ### Manual Backups
 Manual Backups can be performed by entering the container and typing `backup-now`
 
-- Recently there was a request to have the container work with Kukbernetes cron scheduling. This can theoretically be accomplished by setting the container `MODE=MANUAL` and then setting `MANUAL_RUN_FOREVER=FALSE` - You would also want to disable a few features from the upstream base images specifically `CONTAINER_ENABLE_SCHEDULING` and `CONTAINER_ENABLE_MONITORING`. This should allow the container to start, execute a backup by executing and then exit cleanly. An alternative way to running the script is to execute `/etc/services.available/10-db-backup/run`.
+- Recently there was a request to have the container work with Kubernetes cron scheduling. This can theoretically be accomplished by setting the container `MODE=MANUAL` and then setting `MANUAL_RUN_FOREVER=FALSE` - You would also want to disable a few features from the upstream base images specifically `CONTAINER_ENABLE_SCHEDULING` and `CONTAINER_ENABLE_MONITORING`. This should allow the container to start, execute a backup by executing and then exit cleanly. An alternative way to running the script is to execute `/etc/services.available/10-db-backup/run`.
 
 ### Restoring Databases
 Entering in the container and executing `restore` will execute a menu based script to restore your backups - MariaDB, Postgres, and Mongo supported.
@@ -329,7 +344,7 @@ If for some reason your filesystem or host is not detecting it right, use the en
 These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
 ### Usage
 - The [Discussions board](../../discussions) is a great place for working with the community on tips and tricks of using this image.
-- Consider [sponsoring me](https://github.com/sponsors/tiredofit) personalized support.
+- Consider [sponsoring me](https://github.com/sponsors/tiredofit) for personalized support
 ### Bugfixes
 - Please, submit a [Bug Report](issues/new) if something isn't working as expected. I'll do my best to issue a fix in short order.
 

install/assets/defaults/10-db-backup

@@ -12,9 +12,13 @@ ENABLE_CHECKSUM=${ENABLE_CHECKSUM:-"TRUE"}
 ENABLE_PARALLEL_COMPRESSION=${ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
 MANUAL_RUN_FOREVER=${MANUAL_RUN_FOREVER:-"TRUE"}
 MODE=${MODE:-"AUTO"}
+MYSQL_ENABLE_TLS=${MYSQL_ENABLE_TLS:-"FALSE"}
 MYSQL_MAX_ALLOWED_PACKET=${MYSQL_MAX_ALLOWED_PACKET:-"512M"}
 MYSQL_SINGLE_TRANSACTION=${MYSQL_SINGLE_TRANSACTION:-"TRUE"}
 MYSQL_STORED_PROCEDURES=${MYSQL_STORED_PROCEDURES:-"TRUE"}
+MYSQL_TLS_CA_FILE=${MYSQL_TLS_CA_FILE:-"/etc/ssl/cert.pem"}
+MYSQL_TLS_VERIFY=${MYSQL_TLS_VERIFY:-"FALSE"}
+MYSQL_TLS_VERSION=${MYSQL_TLS_VERSION:-"TLSv1.1,TLSv1.2,TLSv1.3"}
 PARALLEL_COMPRESSION_THREADS=${PARALLEL_COMPRESSION_THREADS:-"$(nproc)"}
 S3_CERT_SKIP_VERIFY=${S3_CERT_SKIP_VERIFY:-"TRUE"}
 S3_PROTOCOL=${S3_PROTOCOL:-"https"}

install/assets/functions/10-db-backup

@@ -1,6 +1,7 @@
 #!/command/with-contenv bash
 
 bootstrap_variables() {
+    sanity_var DB_TYPE "Set appropriate DB_TYPE"
     case "${DB_TYPE,,}" in
         couch* )
             dbtype=couch
@@ -45,9 +46,28 @@ bootstrap_variables() {
         "mysql" | "mariadb" )
             dbtype=mysql
             DB_PORT=${DB_PORT:-3306}
+            sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
             [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS'
             [[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS}
-            sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
+            if var_true "${MYSQL_ENABLE_TLS}" ; then
+                if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
+                    mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
+                fi
+                if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
+                fi
+                if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
+                fi
+
+                if var_true "${TLS_VERIFY}" ; then
+                    mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
+                fi
+
+                if [ -n "${MYSQL_TLS_VERSION}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
+                fi
+            fi
         ;;
         "mssql" | "microsoftsql" )
             apkArch="$(apk --print-arch)"; \
@@ -74,12 +94,21 @@ bootstrap_variables() {
         sqlite* )
             dbtype=sqlite3
         ;;
+        * )
+            print_error "I don't recognize 'DB_TYPE=${DB_TYPE}' - Exitting.."
+            exit 99
+        ;;
     esac
 
-    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then
+    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
         file_env 'S3_KEY_ID'
         file_env 'S3_KEY_SECRET'
     fi
+
+    if [ "${BACKUP_LOCATION,,}" = "blobxfer" ] && [ -n "${BLOBXFER_STORAGE_ACCOUNT_FILE}" ] && [ -n "${BLOBXFER_STORAGE_ACCOUNT_KEY_FILE}" ]; then
+        file_env 'BLOBXFER_STORAGE_ACCOUNT_FILE'
+        file_env 'BLOBXFER_STORAGE_ACCOUNT_KEY_FILE'
+    fi
 }
 
 backup_couch() {
@@ -116,7 +145,7 @@ backup_influx() {
                 influxd backup ${influx_compression} ${bucket} -portable -host ${DB_HOST}:${DB_PORT} ${EXTRA_OPTS} "${TEMP_LOCATION}"/"${target_dir}"
                 exit_code=$?
                 check_exit_code $target_dir
-                print_notice "Creating archive file of '${target_dir}' with tar ${compresion_string}"
+                print_notice "Creating archive file of '${target_dir}' with tar ${compression_string}"
                 tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}"
                 target=influx_${db}_${DB_HOST#*//}_${now}.tar${extension}
                 generate_checksum
@@ -193,7 +222,7 @@ backup_mysql() {
 
     if [ "${DB_NAME,,}" = "all" ] ; then
         print_debug "Preparing to back up everything except for information_schema and _* prefixes"
-        db_names=$(mysql -h ${DB_HOST} -P $DB_PORT -u$DB_USER --batch -e "SHOW DATABASES;" | grep -v Database | grep -v schema )
+        db_names=$(mysql -h ${DB_HOST} -P $DB_PORT -u$DB_USER ${mysql_tls_args} ${EXTRA_OPTS} --batch -e "SHOW DATABASES;" | grep -v Database | grep -v schema )
         if [ -n "${DB_NAME_EXCLUDE}" ] ; then
             db_names_exclusions=$(echo "${DB_NAME_EXCLUDE}" | tr ',' '\n')
             for db_exclude in ${db_names_exclusions} ; do
@@ -214,7 +243,7 @@ backup_mysql() {
                 compression
                 pre_dbbackup $db
                 print_notice "Dumping MySQL/MariaDB database: '${db}' ${compression_string}"
-                silent mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${EXTRA_OPTS} --databases $db | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
+                mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} --databases $db | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
                 exit_code=$?
                 check_exit_code $target
                 generate_checksum
@@ -228,7 +257,7 @@ backup_mysql() {
         compression
         pre_dbbackup all
         print_notice "Dumping all MySQL / MariaDB databases: '$(echo ${db_names} | xargs | tr ' ' ',')' ${compression_string}"
-        silent mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${EXTRA_OPTS} --databases $(echo ${db_names} | xargs) | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
+        mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} --databases $(echo ${db_names} | xargs) | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
         exit_code=$?
         check_exit_code $target
         generate_checksum
@@ -263,7 +292,7 @@ backup_pgsql() {
                 compression
                 pre_dbbackup $db
                 print_notice "Dumping PostgresSQL database: '${db}' ${compression_string}"
-                silent pg_dump -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} $db ${EXTRA_OPTS} | $compress_cmd > ${TEMP_LOCATION}/${target}
+                pg_dump -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} $db ${EXTRA_OPTS} | $compress_cmd > ${TEMP_LOCATION}/${target}
                 exit_code=$?
                 check_exit_code $target
                 generate_checksum
@@ -285,7 +314,7 @@ backup_pgsql() {
         for x_db_name in ${tmp_db_names} ; do
             pgexclude_arg=$(echo ${pgexclude_arg} --exclude-database=${x_db_name})
         done
-        silent pg_dumpall -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} ${pgexclude_arg} ${EXTRA_OPTS} | $compress_cmd > ${TEMP_LOCATION}/${target}
+        pg_dumpall -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} ${pgexclude_arg} ${EXTRA_OPTS} | $compress_cmd > ${TEMP_LOCATION}/${target}
         exit_code=$?
         check_exit_code $target
         generate_checksum
@@ -392,7 +421,7 @@ check_availability() {
             "mysql" )
                 counter=0
                 export MYSQL_PWD=${DB_PASS}
-                while ! (mysqladmin -u"${DB_USER}" -P"${DB_PORT}" -h"${DB_HOST}" status > /dev/null 2>&1) ; do
+                while ! (mysqladmin -u"${DB_USER}" -P"${DB_PORT}" -h"${DB_HOST}" ${mysql_tls_args} status > /dev/null 2>&1) ; do
                     sleep 5
                     (( counter+=5 ))
                     print_warn "MySQL/MariaDB Server '${DB_HOST}' is not accessible, retrying.. (${counter} seconds so far)"
@@ -460,18 +489,21 @@ cleanup_old_data() {
     if [ -n "${DB_CLEANUP_TIME}" ]; then
         if [ "${master_exit_code}" != 1 ]; then
             case "${BACKUP_LOCATION,,}" in
+                "blobxfer" )
+                    print_info "Cleaning up old backups on filesystem"
+                    mkdir -p "${DB_DUMP_TARGET}"
+                    find "${DB_DUMP_TARGET}"/  -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm {} \;
+                    print_info "Syncing changes via blobxfer"
+                    silent blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} --delete --delete-only
+                ;;
                 "file" | "filesystem" )
                     print_info "Cleaning up old backups on filesystem"
                     mkdir -p "${DB_DUMP_TARGET}"
                     find "${DB_DUMP_TARGET}"/  -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm {} \;
-                    if [ "${BACKUP_LOCATION,,}" = "blobxfer" ] ; then
-                        print_info "Syncing changes via blobxfer"
-                        silent blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} --delete --delete-only
-                    fi
                 ;;
                 "s3" | "minio" )
                     print_info "Cleaning up old backups on S3 storage"
-                    aws ${PARAM_AWS_ENDPOINT_URL} s3 ls s3://${S3_BUCKET}/${S3_PATH} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} | grep " DIR " -v | grep " PRE " -v | while read -r s3_file; do
+                    aws ${PARAM_AWS_ENDPOINT_URL} s3 ls s3://${S3_BUCKET}/${S3_PATH}/ ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} | grep " DIR " -v | grep " PRE " -v | while read -r s3_file; do
                         s3_createdate=$(echo $s3_file | awk {'print $1" "$2'})
                         s3_createdate=$(date -d "$s3_createdate" "+%s")
                         s3_olderthan=$(echo $(( $(date +%s)-${DB_CLEANUP_TIME}*60 )))
@@ -479,7 +511,7 @@ cleanup_old_data() {
                             s3_filename=$(echo $s3_file | awk {'print $4'})
                             if [ "$s3_filename" != "" ] ; then
                                 print_debug "Deleting $s3_filename"
-                                silent aws ${PARAM_AWS_ENDPOINT_URL} s3 rm s3://${S3_BUCKET}/${S3_PATH}${s3_filename} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS}
+                                aws ${PARAM_AWS_ENDPOINT_URL} s3 rm s3://${S3_BUCKET}/${S3_PATH}/${s3_filename} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS}
                             fi
                         fi
 
@@ -492,6 +524,7 @@ cleanup_old_data() {
     fi
 }
 
+
 compression() {
    if var_false "${ENABLE_PARALLEL_COMPRESSION}" ; then
        PARALLEL_COMPRESSION_THREADS=1
@@ -559,7 +592,7 @@ compression() {
 
 create_archive() {
     if [ "${exit_code}" = "0" ] ; then
-        print_notice "Creating archive file of '${target_dir}' with tar ${compresion_string}"
+        print_notice "Creating archive file of '${target_dir}' with tar ${compression_string}"
         tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}"
     else
         print_error "Skipping creating archive file because backup did not complete successfully"
@@ -624,8 +657,12 @@ move_dbbackup() {
             ;;
             "s3" | "minio" )
                 print_debug "Moving backup to S3 Bucket"
-                export AWS_ACCESS_KEY_ID=${S3_KEY_ID}
+                if [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
-                export AWS_SECRET_ACCESS_KEY=${S3_KEY_SECRET}
+                    export AWS_ACCESS_KEY_ID=${S3_KEY_ID}
+                    export AWS_SECRET_ACCESS_KEY=${S3_KEY_SECRET}
+                else
+                    print_debug "Variable S3_KEY_ID or S3_KEY_SECRET is not set. Please ensure sufficiant IAM role is assigned."
+                fi
                 export AWS_DEFAULT_REGION=${S3_REGION}
                 if [ -f "${S3_CERT_CA_FILE}" ] ; then
                     print_debug "Using Custom CA for S3 Backups"
@@ -781,7 +818,7 @@ sanity_test() {
         ;;
     esac
 
-    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then
+    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
         sanity_var S3_BUCKET "S3 Bucket"
         sanity_var S3_PATH "S3 Path"
         sanity_var S3_REGION "S3 Region"