#!/bin/sh

# CRON
## delete encrypted backups older than 5 days
#55 3 * * * find /path/to/backups-enc -mtime +5 -exec rm {} \;
## delete un-encrypted backups older than 1 days
#55 3 * * * find /path/to/backups -mtime +0 -exec rm {} \;
## database dump at 4am UTC = 8pm PST (9pm PDT)
#0 4 * * * /path/to/this/script

MASTER="YYYY.us-west-1.rds.amazonaws.com"
SLAVE="XXXX.us-west-1.rds.amazonaws.com"
DB_HOST=$SLAVE
DB_NAME=""
DB_USER=""
DB_PASS=""
FILE_NAME="db-$(date +%Y-%m-%d-%H:%M).sql.gz"

# save only encrypted version
#mysqldump -u ${DB_USER} -p${DB_PASS} -h ${DB_HOST} ${DB_NAME} | gzip -c | openssl aes-256-cbc -salt -e -pass file:/path/to/password.txt > /path/to/backups-enc/${FILE_NAME}.enc

# save unencrypted version
mysqldump -u ${DB_USER} -p${DB_PASS} -h ${DB_HOST} ${DB_NAME} | gzip -c > /path/to/backups/${FILE_NAME}

# encrypt the version that gets backed up offsite
cat /path/to/backups/${FILE_NAME} | openssl aes-256-cbc -salt -e -pass file:/path/to/password.txt > /path/to/backups-enc/${FILE_NAME}.enc