# Business Central SaaS Backup Configuration # Copy this file to bc-backup.conf and fill in your values # IMPORTANT: Keep this file secure! It contains sensitive credentials. # =================================== # Azure AD Application Configuration # =================================== # Create an Azure AD App Registration with the following: # 1. Navigate to https://portal.azure.com # 2. Go to Azure Active Directory > App registrations > New registration # 3. Name: "BC-Backup-Service" (or your preferred name) # 4. Supported account types: "Accounts in this organizational directory only" # 5. After creation, note the following: # Your Azure AD Tenant ID (Directory ID) AZURE_TENANT_ID="" # Application (client) ID from the app registration AZURE_CLIENT_ID="" # Client secret (create under Certificates & secrets > New client secret) # IMPORTANT: Save this immediately - it won't be shown again! AZURE_CLIENT_SECRET="" # =================================== # Azure AD API Permissions # =================================== # Add the following API permission to your app: # 1. Go to API permissions > Add a permission # 2. Select "Dynamics 365 Business Central" # 3. Select "Application permissions" # 4. Check "API.ReadWrite.All" # 5. Click "Grant admin consent" (requires Global Admin) # =================================== # Business Central Configuration # =================================== # Your BC environment name (e.g., "Production", "Sandbox") # Find this in BC Admin Center: https://businesscentral.dynamics.com/ BC_ENVIRONMENT_NAME="" # Optional: Limit export to a specific company name # Leave empty to export all companies in the environment BC_COMPANY_NAME="" # =================================== # Encryption Configuration # =================================== # Strong passphrase for GPG encryption # Generate a secure passphrase: openssl rand -base64 32 # IMPORTANT: Store this securely! You'll need it to decrypt backups. ENCRYPTION_PASSPHRASE="" # Alternative: Use GPG key ID instead of passphrase (leave empty to use passphrase) # GPG_KEY_ID="" # =================================== # S3 Storage Configuration # =================================== # S3 bucket name (must already exist with Object Lock enabled) S3_BUCKET="" # S3 endpoint URL # AWS S3: https://s3.amazonaws.com or https://s3.REGION.amazonaws.com # MinIO: http://minio.example.com:9000 or https://minio.example.com # Wasabi: https://s3.wasabisys.com or https://s3.REGION.wasabisys.com # Backblaze: https://s3.REGION.backblazeb2.com S3_ENDPOINT="" # AWS Access Key ID (or compatible credentials) AWS_ACCESS_KEY_ID="" # AWS Secret Access Key (or compatible credentials) AWS_SECRET_ACCESS_KEY="" # S3 region (for AWS, required; for others, may be optional) AWS_DEFAULT_REGION="us-east-1" # S3 tool to use: "awscli" (recommended) or "s3cmd" S3_TOOL="awscli" # =================================== # Backup Configuration # =================================== # Object lock retention period in days (must match or exceed bucket minimum) RETENTION_DAYS="30" # Maximum retry attempts for failed operations MAX_RETRIES="3" # Clean up local files after successful upload? (true/false) CLEANUP_LOCAL="true" # =================================== # Optional: Email Notifications # =================================== # Enable email notifications on failure? (true/false) # ENABLE_EMAIL_NOTIFICATIONS="false" # Email address to send notifications to # NOTIFICATION_EMAIL="" # =================================== # Advanced Configuration # =================================== # Local temporary directory (default: ./temp) # WORK_DIR="/var/tmp/bc-backup" # Log directory (default: ./logs) # LOG_DIR="/var/log/bc-backup"