bc-backup.conf.template

# Business Central SaaS Backup Configuration
# Copy this file to bc-backup.conf and fill in your values
# IMPORTANT: Keep this file secure! It contains sensitive credentials.

# ===================================
# Azure AD Application Configuration
# ===================================
# Create an Azure AD App Registration with the following:
# 1. Navigate to https://portal.azure.com
# 2. Go to Azure Active Directory > App registrations > New registration
# 3. Name: "BC-Backup-Service" (or your preferred name)
# 4. Supported account types: "Accounts in this organizational directory only"
# 5. After creation, note the following:

# Your Azure AD Tenant ID (Directory ID)
AZURE_TENANT_ID=""

# Application (client) ID from the app registration
AZURE_CLIENT_ID=""

# Client secret (create under Certificates & secrets > New client secret)
# IMPORTANT: Save this immediately - it won't be shown again!
AZURE_CLIENT_SECRET=""

# ===================================
# Azure AD API Permissions
# ===================================
# Add the following API permission to your app:
# 1. Go to API permissions > Add a permission
# 2. Select "Dynamics 365 Business Central"
# 3. Select "Application permissions"
# 4. Check "Automation.ReadWrite.All" or "API.ReadWrite.All"
# 5. Click "Grant admin consent" (requires Global Admin)

# ===================================
# Business Central Configuration
# ===================================

# Your BC environment name (e.g., "Production", "Sandbox")
# Find this in BC Admin Center: https://businesscentral.dynamics.com/
BC_ENVIRONMENT_NAME=""

# BC Admin API version (default: v2.21)
BC_API_VERSION="v2.21"

# ===================================
# Azure Storage Configuration
# ===================================
# The BC Admin Center API exports the database to your Azure Storage account.
# You need an Azure Storage account with a SAS URI that has Read, Write, Create, Delete permissions.
#
# To create a SAS URI:
# 1. Go to Azure Portal > Storage Accounts > your account
# 2. Go to "Shared access signature"
# 3. Enable: Blob service, Container+Object resource types, Read+Write+Create+Delete permissions
# 4. Set an appropriate expiry date
# 5. Copy the generated SAS URL

# Azure Storage Account SAS URI (full URI with SAS token)
# Example: https://youraccount.blob.core.windows.net?sv=2021-06-08&ss=b&srt=sco&sp=rwdlac&se=...&sig=...
AZURE_STORAGE_SAS_URI=""

# Azure Storage container name for exports (will be created automatically)
AZURE_STORAGE_CONTAINER="bc-exports"

# ===================================
# Encryption Configuration
# ===================================

# Strong passphrase for GPG encryption
# Generate a secure passphrase: openssl rand -base64 32
# IMPORTANT: Store this securely! You'll need it to decrypt backups.
ENCRYPTION_PASSPHRASE=""

# Alternative: Use GPG key ID instead of passphrase (leave empty to use passphrase)
# GPG_KEY_ID=""

# ===================================
# S3 Storage Configuration
# ===================================

# S3 bucket name (must already exist with Object Lock enabled)
S3_BUCKET=""

# S3 endpoint URL
# AWS S3: https://s3.amazonaws.com or https://s3.REGION.amazonaws.com
# MinIO: http://minio.example.com:9000 or https://minio.example.com
# Wasabi: https://s3.wasabisys.com or https://s3.REGION.wasabisys.com
# Backblaze: https://s3.REGION.backblazeb2.com
S3_ENDPOINT=""

# AWS Access Key ID (or compatible credentials)
AWS_ACCESS_KEY_ID=""

# AWS Secret Access Key (or compatible credentials)
AWS_SECRET_ACCESS_KEY=""

# S3 region (for AWS, required; for others, may be optional)
AWS_DEFAULT_REGION="us-east-1"

# S3 tool to use: "awscli" (recommended) or "s3cmd"
S3_TOOL="awscli"

# ===================================
# Backup Configuration
# ===================================

# Object lock retention period in days (must match or exceed bucket minimum)
RETENTION_DAYS="30"

# Maximum retry attempts for failed operations
MAX_RETRIES="3"

# Clean up local files after successful upload? (true/false)
CLEANUP_LOCAL="true"

# ===================================
# Optional: Email Notifications
# ===================================

# Enable email notifications on failure? (true/false)
# ENABLE_EMAIL_NOTIFICATIONS="false"

# Email address to send notifications to
# NOTIFICATION_EMAIL=""

# ===================================
# Advanced Configuration
# ===================================

# Maximum time to wait for BC export completion (minutes)
# MAX_EXPORT_WAIT_MINUTES="120"

# Local temporary directory (default: ./temp)
# WORK_DIR="/var/tmp/bc-backup"

# Log directory (default: ./logs)
# LOG_DIR="/var/log/bc-backup"
Initial commit: BC backup project 2026-02-09 18:57:39 +01:00			`# Business Central SaaS Backup Configuration`
			`# Copy this file to bc-backup.conf and fill in your values`
			`# IMPORTANT: Keep this file secure! It contains sensitive credentials.`

			`# ===================================`
			`# Azure AD Application Configuration`
			`# ===================================`
			`# Create an Azure AD App Registration with the following:`
			`# 1. Navigate to https://portal.azure.com`
			`# 2. Go to Azure Active Directory > App registrations > New registration`
			`# 3. Name: "BC-Backup-Service" (or your preferred name)`
			`# 4. Supported account types: "Accounts in this organizational directory only"`
			`# 5. After creation, note the following:`

			`# Your Azure AD Tenant ID (Directory ID)`
			`AZURE_TENANT_ID=""`

			`# Application (client) ID from the app registration`
			`AZURE_CLIENT_ID=""`

			`# Client secret (create under Certificates & secrets > New client secret)`
			`# IMPORTANT: Save this immediately - it won't be shown again!`
			`AZURE_CLIENT_SECRET=""`

			`# ===================================`
			`# Azure AD API Permissions`
			`# ===================================`
			`# Add the following API permission to your app:`
			`# 1. Go to API permissions > Add a permission`
			`# 2. Select "Dynamics 365 Business Central"`
			`# 3. Select "Application permissions"`
			`# 4. Check "Automation.ReadWrite.All" or "API.ReadWrite.All"`
			`# 5. Click "Grant admin consent" (requires Global Admin)`

			`# ===================================`
			`# Business Central Configuration`
			`# ===================================`

			`# Your BC environment name (e.g., "Production", "Sandbox")`
			`# Find this in BC Admin Center: https://businesscentral.dynamics.com/`
			`BC_ENVIRONMENT_NAME=""`

fix: correct BC Admin Center API endpoints for database export - Fix endpoint paths from /applications/businesscentral/environments/{env}/databaseExports to /exports/applications/BusinessCentral/environments/{env} - Add Azure Storage SAS URI support (required by current export API) - Update default API version from v2.15 to v2.21 - Add export metrics check before initiating export - Use export history endpoint for status polling - Download BACPAC from Azure Storage instead of expecting blobUri response Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 19:21:06 +01:00			`# BC Admin API version (default: v2.21)`
			`BC_API_VERSION="v2.21"`

			`# ===================================`
			`# Azure Storage Configuration`
			`# ===================================`
			`# The BC Admin Center API exports the database to your Azure Storage account.`
			`# You need an Azure Storage account with a SAS URI that has Read, Write, Create, Delete permissions.`
			`#`
			`# To create a SAS URI:`
			`# 1. Go to Azure Portal > Storage Accounts > your account`
			`# 2. Go to "Shared access signature"`
			`# 3. Enable: Blob service, Container+Object resource types, Read+Write+Create+Delete permissions`
			`# 4. Set an appropriate expiry date`
			`# 5. Copy the generated SAS URL`

			`# Azure Storage Account SAS URI (full URI with SAS token)`
			`# Example: https://youraccount.blob.core.windows.net?sv=2021-06-08&ss=b&srt=sco&sp=rwdlac&se=...&sig=...`
			`AZURE_STORAGE_SAS_URI=""`

			`# Azure Storage container name for exports (will be created automatically)`
			`AZURE_STORAGE_CONTAINER="bc-exports"`
Initial commit: BC backup project 2026-02-09 18:57:39 +01:00
			`# ===================================`
			`# Encryption Configuration`
			`# ===================================`

			`# Strong passphrase for GPG encryption`
			`# Generate a secure passphrase: openssl rand -base64 32`
			`# IMPORTANT: Store this securely! You'll need it to decrypt backups.`
			`ENCRYPTION_PASSPHRASE=""`

			`# Alternative: Use GPG key ID instead of passphrase (leave empty to use passphrase)`
			`# GPG_KEY_ID=""`

			`# ===================================`
			`# S3 Storage Configuration`
			`# ===================================`

			`# S3 bucket name (must already exist with Object Lock enabled)`
			`S3_BUCKET=""`

			`# S3 endpoint URL`
			`# AWS S3: https://s3.amazonaws.com or https://s3.REGION.amazonaws.com`
			`# MinIO: http://minio.example.com:9000 or https://minio.example.com`
			`# Wasabi: https://s3.wasabisys.com or https://s3.REGION.wasabisys.com`
			`# Backblaze: https://s3.REGION.backblazeb2.com`
			`S3_ENDPOINT=""`

			`# AWS Access Key ID (or compatible credentials)`
			`AWS_ACCESS_KEY_ID=""`

			`# AWS Secret Access Key (or compatible credentials)`
			`AWS_SECRET_ACCESS_KEY=""`

			`# S3 region (for AWS, required; for others, may be optional)`
			`AWS_DEFAULT_REGION="us-east-1"`

			`# S3 tool to use: "awscli" (recommended) or "s3cmd"`
			`S3_TOOL="awscli"`

			`# ===================================`
			`# Backup Configuration`
			`# ===================================`

			`# Object lock retention period in days (must match or exceed bucket minimum)`
			`RETENTION_DAYS="30"`

			`# Maximum retry attempts for failed operations`
			`MAX_RETRIES="3"`

			`# Clean up local files after successful upload? (true/false)`
			`CLEANUP_LOCAL="true"`

			`# ===================================`
			`# Optional: Email Notifications`
			`# ===================================`

			`# Enable email notifications on failure? (true/false)`
			`# ENABLE_EMAIL_NOTIFICATIONS="false"`

			`# Email address to send notifications to`
			`# NOTIFICATION_EMAIL=""`

			`# ===================================`
			`# Advanced Configuration`
			`# ===================================`

			`# Maximum time to wait for BC export completion (minutes)`
			`# MAX_EXPORT_WAIT_MINUTES="120"`

			`# Local temporary directory (default: ./temp)`
			`# WORK_DIR="/var/tmp/bc-backup"`

			`# Log directory (default: ./logs)`
			`# LOG_DIR="/var/log/bc-backup"`