Secure Backup of Docker Compose Environment Variables

Overview

This guide describes how to back up Docker Compose environment variables securely: encrypt the .env file with GPG and store the encrypted copy in a private GitHub repository.

Prerequisites

TL;DR

# Initial setup (one-time)
git clone https://github.com/davelevine/docker.git
cd docker

# Backup process
cp /path/to/your/.env ./local.env
gpg --armor -c local.env    # Creates local.env.asc with password protection
git add local.env.asc
git commit -m "Update encrypted env vars"
git push origin main

# Recovery process
git pull                    # Get latest from repository
gpg -d local.env.asc > .env # Enter password to restore
mv .env /path/to/your/docker/project/

Backup Procedure

Set up the repository (one-time setup)

# Clone the repository if you haven't already
git clone https://github.com/davelevine/docker.git
cd docker

# If you already have the repository, ensure it's up to date
git pull

Create and encrypt your environment file

# Copy your environment file
cp /path/to/your/.env ./local.env

# Encrypt the file with GPG
gpg --armor -c local.env

  • You'll be prompted to enter an encryption password
  • The --armor flag creates ASCII text output (more portable)
  • This creates local.env.asc, an encrypted version of your file

Commit to private GitHub repository

# Add the encrypted file to git
git add local.env.asc

# Commit the changes
git commit -m "Update encrypted environment variables"

# Push to the private repository
git push origin main

Clean up (optional)

# Remove the unencrypted copy
rm local.env

Recovery Procedure

Retrieve your encrypted file from the repository

# Clone the repository if needed
git clone https://github.com/davelevine/docker.git
cd docker

# Or pull latest changes if repository already exists
git pull

Decrypt the file

gpg -d local.env.asc > .env

  • Enter the password you used during encryption
  • This recreates your original .env file

Move to appropriate location

# Move to your Docker project directory
mv .env /path/to/your/docker/project/

Automation

Create a backup script (backup-env.sh):

#!/bin/bash
# Backup Docker environment variables to private GitHub repository

# Stop on the first failed command so a failed encryption is never committed
set -euo pipefail

# Repository directory
REPO_DIR=~/docker
cd "$REPO_DIR" || { echo "Repository directory not found"; exit 1; }

# Update repository
git pull

# Create backup (umask keeps the temporary plaintext copy owner-readable only)
umask 077
# Remove the unencrypted copy on exit, even if a later step fails
trap 'rm -f env-to-backup' EXIT
cp /path/to/your/docker/project/.env ./env-to-backup
gpg --armor -c env-to-backup
mv env-to-backup.asc ./local.env.asc

# Commit and push to GitHub
git add local.env.asc
git commit -m "Update encrypted environment variables - $(date +%Y-%m-%d)"
git push origin main

echo "Backup committed and pushed to https://github.com/davelevine/docker.git"

Make executable: chmod +x backup-env.sh

Security Considerations

  • Password strength: Use a strong, unique password for GPG encryption
  • Password storage: Store the GPG password in a password manager
  • Repository security: Ensure your GitHub repository remains private
  • Regular rotation: Update encrypted backups when environment variables change
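
A guard for the commit step, as an added example that is not part of the original guide: it rejects paths named like the plaintext copies used above (.env, local.env, env-to-backup) and any .asc file that is not a complete ASCII-armored PGP message. The function names and the --staged switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original guide). Run from .git/hooks/pre-commit
# with --staged (hypothetical switch); a non-zero exit aborts the commit.

# Succeeds only if FILE is a complete armored PGP message: BEGIN marker,
# optional "Key: value" headers, a blank line, base64 body, END marker.
is_armored_pgp_message() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF checkouts
        NR == 1 { if ($0 != "-----BEGIN PGP MESSAGE-----") { bad = 1; exit }
                  next }
        ended   { if ($0 != "") { bad = 1; exit }  # nothing may follow END
                  next }
        $0 == "-----END PGP MESSAGE-----" { ended = 1; next }
        !body   { if ($0 == "") body = 1
                  else if ($0 !~ "^[A-Za-z-]+: ") { bad = 1; exit }
                  next }
        $0 !~ "^[A-Za-z0-9+/=]+$" { bad = 1; exit }
        { lines++ }
        END { exit (bad || !ended || lines == 0) }
    ' "$1"
}

# Check every path given; report offenders on stderr, fail if any exist.
check_env_backups() (
    status=0
    for path in "$@"; do
        [ -f "$path" ] || continue            # path deleted in this commit
        case "${path##*/}" in
            *.asc)
                is_armored_pgp_message "$path" || {
                    echo "BLOCKED: $path is not an armored PGP message" >&2
                    status=1
                } ;;
            *.env|env-to-backup)              # plaintext names used in the guide
                echo "BLOCKED: $path is an unencrypted env file" >&2
                status=1 ;;
        esac
    done
    [ "$status" -eq 0 ]
)

# Hook mode: inspects the working-tree copy of each staged path.
if [ "${1:-}" = "--staged" ]; then
    git diff --cached --name-only --diff-filter=ACM |
        while IFS= read -r staged; do
            check_env_backups "$staged" || exit 1
        done
fi
```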