
Commit 26dd774

authored
Merge pull request #253 from oracle-devrel/storage-01.20.13.07.2023
Update secure.storage.sh
2 parents 185af3e + d0c9159 commit 26dd774


1 file changed

+37
-34
lines changed


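--- a/cloud-infrastructure/storage/block-storage/asset/secure.storage.sh
+++ b/cloud-infrastructure/storage/block-storage/asset/secure.storage.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Version: @(#).secure.storage.sh 1.0.0
+# Version: @(#).secure.storage.sh 1.0.1
 # License
 # Copyright (c) 2023 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License (UPL), Version 1.0.
@@ -11,9 +11,11 @@
 #
 # Update history:
 #
+# V 1.0.1 12.07.2023 add Changing the encryption key for a volume backup
 # V 1.0.0 28.06.2023 initial version
 #
 
+
 # ---------------------------------------------------------------------------------------------------------------------------------------------
 # prepare environement (load functions)
 # ---------------------------------------------------------------------------------------------------------------------------------------------
@@ -36,14 +38,14 @@ echo "=====================================================================" >>
 echo "${PF1} $(date "+%d.%m.%Y %H:%M:%S") " >> "${LOG_FILE}"
 echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}"
 
-color_print "${MYcolor}" "${PF1} create BLOCK volume"
-if [ 1 -eq 1 ] ; then # create BLOCK volume
 
+if [ 1 -eq 1 ] ; then # create BLOCK volume
+color_print "${MYcolor}" "${PF1} create BLOCK volume"
 if [ ${CREATE_BLOCK_VOLUME} -eq 1 ] ; then # create block volume
 oci --profile "${REGION_PROFILE}" bv volume create --availability-domain "${FRANKFURT_AVAILABILITY_DOMAIN}" \
 --compartment-id "${COMPARTMENT_OCID}" \
---display-name "${FRANKFURT_BLOCK_VOLUME_NAME}" \
---size-in-gbs 50 \
+--display-name "${FRANKFURT_BLOCK_VOLUME_NAME}" \
+--size-in-gbs 50 \
 --wait-for-state "AVAILABLE"
 fi
 
@@ -61,8 +63,8 @@ fi
 done
 fi
 
-color_print "${MYcolor}" "${PF1} get VAULT details"
 if [ 1 -eq 1 ] ; then # get VAULT details
+color_print "${MYcolor}" "${PF1} get VAULT details"
 tempfile myTEMPFILE
 oci --profile "${REGION_PROFILE}" kms management vault get --vault-id "${VAULT_OCID}" > "${myTEMPFILE}"
 myNAME=$( cat "${myTEMPFILE}" | grep "display-name" | awk '{print $2}' | sed 's/\"//g' | sed 's/,//g' )
@@ -76,9 +78,8 @@ if [ 1 -eq 1 ] ; then # get VAULT details
 echo "${PF1} Master Encryption Key name: ${myNAME}" >> "${LOG_FILE}"
 fi
 
-color_print "${MYcolor}" "${PF1} create BLOCK volume backup"
 if [ 1 -eq 1 ] ; then # create BLOCK volume backup
-
+color_print "${MYcolor}" "${PF1} create BLOCK volume backup"
 if [ ${CREATE_BLOCK_VOLUME_BACKUP} -eq 1 ] ; then # create block volume backup
 oci --profile "${REGION_PROFILE}" bv backup create --volume-id "${BLOCK_VOLUME_OCID}" --display-name "${FRANKFURT_BLOCK_VOLUME_NAME}Backup" --wait-for-state "AVAILABLE"
 fi
@@ -101,8 +102,7 @@ echo "${PF1} --------------------------------------------------------------" >>
 echo " " >> "${LOG_FILE}"
 fi
 
-
-MYOUTPUT="Secure Storage with Customer-managed Key" && MYCOUNT=$(($MYCOUNT + 1))
+MYOUTPUT="Secure Storage with Customer managed Key" && MYCOUNT=$(($MYCOUNT + 1))
 if [ 1 -eq 1 ] ; then
 color_print "${IGreen}" "($MYCOUNT) $(date "+%d.%m.%Y %H:%M:%S") : $MYOUTPUT"
 
@@ -116,60 +116,63 @@ echo "=====================================================================" >>
 echo "${PF1} $(date "+%d.%m.%Y %H:%M:%S")" >> "${LOG_FILE}"
 echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}"
 
-color_print "${MYcolor}" "${PF1} BLOCK volume change from Oracle-managed Key to Customer-managed Key"
-if [ 1 -eq 1 ] ; then # BLOCK volume change from Oracle-managed Key to Customer-managed Key
+if [ 1 -eq 1 ] ; then # BLOCK volume change from Oracle managed Key to Customer managed Key
+color_print "${MYcolor}" "${PF1} BLOCK volume change from Oracle managed Key to Customer managed Key"
 oci --profile "${REGION_PROFILE}" bv volume-kms-key update --volume-id "${BLOCK_VOLUME_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}"
-echo "${PF1} BLOCK volume change from Oracle-managed Key to Customer-managed Key" >> "${LOG_FILE}"
+echo "${PF1} BLOCK volume change from Oracle managed Key to Customer managed Key ${MasterEncryptionKey_OCID}" >> "${LOG_FILE}"
 fi
 
-color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Oracle-managed Key to Customer-managed Key (coming soon)"
-if [ 1 -eq 0 ] ; then # BLOCK volume backup change from Oracle-managed Key to Customer-managed Key (coming soon)
+if [ 1 -eq 1 ] ; then # BLOCK volume backup change from Oracle managed Key to Customer managed Key
 : ' ---------------------------------------------------------------------------------------------------------------------------------------
-Backup Data in Storage Services https://docs.oracle.com/en/solutions/oci-best-practices/back-your-data1.html
+Backup Data in Storage Services https://docs.oracle.com/en/solutions/oci-best-practices/back-your-data1.html
+Changing the encryption key for a volume backup https://docs.oracle.com/en-us/iaas/releasenotes/changes/1d439da6-eeec-4fa2-acef-89be177ce266/
+Release Date: July 12, 2023; bv backup-kms-key update is availaible since oci cli version 3.29.3
 -------------------------------------------------------------------------------------------------------------------------------------------'
-oci --profile "${REGION_PROFILE}" bv backup-kms-key update --volume-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}"
-
+color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Oracle managed Key to Customer managed Key"
 oci --profile "${REGION_PROFILE}" bv backup update --volume-backup-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}"
-echo "${PF1} BLOCK volume backup change from Oracle-managed Key to Customer-managed Key" >> "${LOG_FILE}"
+echo "${PF1} BLOCK volume backup change from Oracle managed Key to Customer managed Key ${MasterEncryptionKey_OCID}" >> "${LOG_FILE}"
 fi
 
-color_print "${MYcolor}" "${PF1} Rotation of Customer-managed Key"
-if [ 1 -eq 1 ] ; then # Rotation of Customer-managed Key
-
+if [ 1 -eq 1 ] ; then # Rotation of Customer managed Key
 : ' ---------------------------------------------------------------------------------------------------------------------------------------
 Periodically rotating keys limits the amount of data
 encrypted or signed by one key version. If a key is
 ever compromised, key rotation thus reduces the risk. https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm#concepts
 kms management key-version create https://docs.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/kms/management/key-version/create.html
 -------------------------------------------------------------------------------------------------------------------------------------------'
-
+color_print "${MYcolor}" "${PF1} Rotation of Customer managed Key"
 oci --profile "${REGION_PROFILE}" kms management key-version create --key-id "${MasterEncryptionKey_OCID}" --endpoint "${ManagementEndpoint}" --wait-for-state "ENABLED"
-echo "${PF1} Rotation of Customer-managed Key" >> "${LOG_FILE}"
+echo "${PF1} Rotation of Customer managed Key" >> "${LOG_FILE}"
 fi
 
 echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}"
 echo " " >> "${LOG_FILE}"
 fi
 
-MYOUTPUT="Secure Storage with Oracle-managed Key" && MYCOUNT=$(($MYCOUNT + 1))
+MYOUTPUT="Secure Storage with Oracle managed Key" && MYCOUNT=$(($MYCOUNT + 1))
 if [ 1 -eq 1 ] ; then
 color_print "${IGreen}" "($MYCOUNT) $(date "+%d.%m.%Y %H:%M:%S") : $MYOUTPUT"
 
-echo "Secure Storage with Oracle-managed Key" >> "${LOG_FILE}"
+echo "Secure Storage with Oracle managed Key" >> "${LOG_FILE}"
 echo "=====================================================================" >> "${LOG_FILE}"
 echo "${PF1} $(date "+%d.%m.%Y %H:%M:%S")" >> "${LOG_FILE}"
 echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}"
 
-color_print "${MYcolor}" "${PF1} BLOCK volume change from Customer-managed Key to Oracle-managed Key"
 if [ 1 -eq 1 ] ; then # BLOCK volume change from Customer managed Key to Oracle managed Key
-oci --profile "${REGION_PROFILE}" bv volume-kms-key update --volume-id "${BLOCK_VOLUME_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}"
-echo "${PF1} BLOCK volume change from Customer-managed Key to Oracle-managed Key" >> "${LOG_FILE}"
+color_print "${MYcolor}" "${PF1} BLOCK volume change from Customer managed Key to Oracle managed Key"
+oci --profile "${REGION_PROFILE}" bv volume-kms-key update --volume-id "${BLOCK_VOLUME_OCID}" --kms-key-id ""
+echo "${PF1} BLOCK volume change from Customer managed Key to Oracle managed Key" >> "${LOG_FILE}"
 fi
 
-color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Customer-managed Key to Oracle-managed Key (coming soon)"
-if [ 1 -eq 0 ] ; then # BLOCK volume backup change from Customer-managed Key to Oracle-managed Key (coming soon)
-#oci --profile "${REGION_PROFILE}" bv backup-kms-key update --volume-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id "${MasterEncryptionKey_OCID}"
-echo "${PF1} BLOCK volume backup change from Customer-managed Key to Oracle-managed Key" >> "${LOG_FILE}"
+if [ 1 -eq 1 ] ; then # BLOCK volume backup change from Customer managed Key to Oracle managed Key
+: ' ---------------------------------------------------------------------------------------------------------------------------------------
+Backup Data in Storage Services https://docs.oracle.com/en/solutions/oci-best-practices/back-your-data1.html
+Changing the encryption key for a volume backup https://docs.oracle.com/en-us/iaas/releasenotes/changes/1d439da6-eeec-4fa2-acef-89be177ce266/
+Release Date: July 12, 2023; bv backup-kms-key update is availaible since oci cli version 3.29.3
+-------------------------------------------------------------------------------------------------------------------------------------------'
+color_print "${MYcolor}" "${PF1} BLOCK volume backup change from Customer managed Key to Oracle managed Key"
+oci --profile "${REGION_PROFILE}" bv backup update --volume-backup-id "${BLOCK_VOLUME_BACKUP_OCID}" --kms-key-id ""
+echo "${PF1} BLOCK volume backup change from Customer managed Key to Oracle managed Key" >> "${LOG_FILE}"
 fi
 
 echo "${PF1} --------------------------------------------------------------" >> "${LOG_FILE}"
@@ -181,4 +184,4 @@ MYOUTPUT="End of Programm" && MYCOUNT=$(($MYCOUNT + 1))
 color_print "${IGreen}" "($MYCOUNT) $(date "+%d.%m.%Y %H:%M:%S") : $MYOUTPUT"
 # ---------------------------------------------------------------------------------------------------------------------------------------------
 # end of file
-# ---------------------------------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------------------------------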
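Review bot: The four key-change steps append their log line unconditionally, so `${LOG_FILE}` records the encryption-key change (with `${MasterEncryptionKey_OCID}` on new lines 122 and 133) even when the preceding `oci` call exits non-zero; this applies at new lines 121–122, 132–133, 163–164 and 174–175. It matters more now that both backup blocks are switched from `if [ 1 -eq 0 ]` to `if [ 1 -eq 1 ]`: the added comment states the backup key change needs OCI CLI 3.29.3, nothing visible checks the installed version, and on an older CLI the call would presumably fail while the log still claims the key was changed. Gate the log entry on the exit status, for example `if oci --profile "${REGION_PROFILE}" bv backup update ... ; then echo "${PF1} ... ${MasterEncryptionKey_OCID}" >> "${LOG_FILE}" ; else echo "${PF1} FAILED: ..." >> "${LOG_FILE}" ; fi`. The same added comment names `bv backup-kms-key update`, while the command that actually runs is `bv backup update --volume-backup-id`, so the comment should name the command in use. Whether `set -e` or an error trap is active is not visible in these hunks.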
