Performing an encrypted backup in MariaDB involves several steps: creating the backup, transferring it to the target server, and restoring it. The following run-book performs an encrypted MariaDB backup in which the restore happens only if the target MariaDB server has the SSL keys and certificates of the source MariaDB server:

  1. Configure SSL on the source MariaDB server:
    • Generate a certificate and key pair for SSL encryption.
    • Edit the my.cnf file to enable SSL by setting the ssl-cert and ssl-key options to the appropriate paths for the certificate and key files.
    • Restart the MariaDB server to apply the changes.
  2. Configure SSL on the target MariaDB server:
    • Repeat the same steps as for the source MariaDB server.
  3. Create the encrypted backup on the source MariaDB server:
    • Use the mysqldump command to create a backup of the database(s) you want to back up.
    • Use the --ssl-ca, --ssl-cert, and --ssl-key options to specify the paths to the CA certificate, client certificate, and client key files, respectively. This will ensure that the backup is encrypted with SSL.
    • Save the backup file to a secure location.
  4. Transfer the encrypted backup to the target server:
    • Use a secure transfer method such as SCP, SFTP, or HTTPS to transfer the backup file to the target server.
    • Ensure that the transfer method also uses SSL encryption to protect the backup file during transit.
  5. Restore the encrypted backup on the target server:
    • Use the mysql command to restore the backup file on the target server.
    • Use the --ssl-ca, --ssl-cert, and --ssl-key options to specify the paths to the CA certificate, client certificate, and client key files, respectively. This will ensure that the restore operation is encrypted with SSL.
    • If the SSL connection fails due to missing or incorrect SSL keys or certificates, the restore operation should not proceed.
    • Verify the data in the restored database to ensure that the backup was successful.
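
Steps 3 and 5 as shell functions, with a gate that stops the restore when the key or certificate files are missing or the private key is readable by other users. This is an added example, not part of the original run-book; the file names under the TLS directory, the host and database arguments, credentials coming from an option file, and the use of --ssl-verify-server-cert are assumptions.

```shell
#!/bin/sh
# Added example, not from the original run-book.
# Assumptions: <tls_dir> holds ca.pem, client-cert.pem and client-key.pem;
# credentials come from an option file such as ~/.my.cnf.

# Stop unless all three TLS files are present, non-empty and readable, and
# the private key grants nothing to group or others.
tls_preflight() {
  dir=$1
  for f in ca.pem client-cert.pem client-key.pem; do
    if [ ! -s "$dir/$f" ] || [ ! -r "$dir/$f" ]; then
      echo "TLS file missing, empty or unreadable: $dir/$f" >&2
      return 1
    fi
  done
  # Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -lLd "$dir/client-key.pem" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "private key is accessible to group/others" >&2
    return 1
  fi
}

# run_tls <tool> <tls_dir> [args...]: run a client with the TLS options from
# steps 3 and 5; --ssl-verify-server-cert also checks the server certificate.
run_tls() {
  tool=$1; dir=$2; shift 2
  "$tool" --ssl-ca="$dir/ca.pem" --ssl-cert="$dir/client-cert.pem" \
    --ssl-key="$dir/client-key.pem" --ssl-verify-server-cert "$@"
}

# dump_db <tls_dir> <host> <database> <outfile>
# The TLS options protect the connection to the server. The dump is written
# owner-only and renamed only after mysqldump exits successfully.
dump_db() {
  tls_preflight "$1" || return 1
  ( umask 077
    run_tls mysqldump "$1" --host="$2" --single-transaction "$3" > "$4.part" &&
      mv "$4.part" "$4" )
}

# restore_db <tls_dir> <host> <database> <dumpfile>
# The preflight runs first, so a missing key or certificate stops the restore
# before mysql is started.
restore_db() {
  tls_preflight "$1" || return 1
  run_tls mysql "$1" --host="$2" "$3" < "$4"
}
```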

By following this run-book, you can ensure that the encrypted backup can only be restored on a server that has the necessary SSL keys and certificates, providing an additional layer of security for your data.