add option to pgp/gpg encrypt scp dumps

2 files changed, 19 insertions, 2 deletions

diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index 6f7b2d6d8..d35b1ac3d 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -1178,6 +1178,13 @@ httemplate/docs/config.html
   },
 
   {
+    'key'         => 'dump-pgpid',
+    'section'     => '',
+    'description' => "Optional PGP public key user or key id for database dumps.  The public key should exist on the freeside user's public keyring, and the gpg binary and GnuPG perl module should be installed.",
+    'type'        => 'text',
+  },
+
+  {
     'key'         => 'users-allow_comp',
     'section'     => '',
     'description' => 'Usernames (Freeside users, created with <a href="../docs/man/bin/freeside-adduser.html">freeside-adduser</a>) which can create complimentary customers, one per line.  If no usernames are entered, all users can create complimentary accounts.',
diff --git a/FS/bin/freeside-daily b/FS/bin/freeside-daily
index 00de2987a..99d95d5d2 100755
--- a/FS/bin/freeside-daily
+++ b/FS/bin/freeside-daily
@@ -63,7 +63,6 @@ if ( driver_name eq 'Pg' ) {
   }
 }
 
-#local hack
 my $conf = new FS::Conf;
 my $dest = $conf->config('dump-scpdest');
 if ( $dest ) {
@@ -75,7 +74,18 @@ if ( $dest ) {
   } else {
     die "database dumps not yet supported for ". driver_name;
   }
-  scp("/var/tmp/$database.sql", $dest);
+  if ( $conf->config('dump-pgpid') ) {
+    eval 'use GnuPG';
+    my $gpg = new GnuPG;
+    $gpg->encrypt( plaintext => "/var/tmp/$database.sql",
+                   output    => "/var/tmp/$database.gpg",
+                   recipient => $conf->config('dump-pgpid'),
+                 );
+    scp("/var/tmp/$database.gpg", $dest);
+    unlink "/var/tmp/$database.gpg" or die $!;
+  } else {
+    scp("/var/tmp/$database.sql", $dest);
+  }
   unlink "/var/tmp/$database.sql" or die $!;
 }