#!/bin/bash # # Business Central Backup Decryption Utility # Decrypts a GPG-encrypted BACPAC backup file # set -euo pipefail # Colors GREEN='\033[0;32m' YELLOW='\033[1;33m' RED='\033[0;31m' NC='\033[0m' echo_info() { echo -e "${GREEN}[INFO]${NC} $*" } echo_warn() { echo -e "${YELLOW}[WARN]${NC} $*" } echo_error() { echo -e "${RED}[ERROR]${NC} $*" } # Check if GPG is installed if ! command -v gpg &> /dev/null; then echo_error "GPG is not installed. Install it first:" echo " Ubuntu/Debian: sudo apt-get install gnupg" echo " CentOS/RHEL: sudo yum install gnupg2" exit 1 fi # Usage information show_usage() { cat << EOF Business Central Backup Decryption Utility Usage: $0 [output-file] Arguments: Path to the encrypted .gpg backup file [output-file] Optional: Path for decrypted output (default: removes .gpg extension) Examples: # Decrypt to default name (backup.bacpac) $0 backup.bacpac.gpg # Decrypt to specific name $0 backup.bacpac.gpg restored_database.bacpac # Download from S3 and decrypt aws s3 cp s3://bucket/backups/bc_backup_Production_20260107_100000.bacpac.gpg ./backup.gpg $0 backup.gpg Note: You will be prompted for the encryption passphrase. This is the ENCRYPTION_PASSPHRASE from bc-backup.conf EOF } # Check arguments if [[ $# -lt 1 ]]; then show_usage exit 1 fi ENCRYPTED_FILE="$1" OUTPUT_FILE="${2:-}" # Validate encrypted file exists if [[ ! -f "$ENCRYPTED_FILE" ]]; then echo_error "Encrypted file not found: $ENCRYPTED_FILE" exit 1 fi # Determine output filename if [[ -z "$OUTPUT_FILE" ]]; then # Remove .gpg extension OUTPUT_FILE="${ENCRYPTED_FILE%.gpg}" # If still the same (no .gpg extension), append .decrypted if [[ "$OUTPUT_FILE" == "$ENCRYPTED_FILE" ]]; then OUTPUT_FILE="${ENCRYPTED_FILE}.decrypted" fi fi # Check if output file already exists if [[ -f "$OUTPUT_FILE" ]]; then echo_warn "Output file already exists: $OUTPUT_FILE" read -p "Overwrite? (y/n) " -n 1 -r echo if [[ ! $REPLY =~ ^[Yy]$ ]]; then echo_info "Aborted." exit 0 fi fi echo_info "=========================================" echo_info "BC Backup Decryption" echo_info "=========================================" echo_info "Encrypted file: $ENCRYPTED_FILE" echo_info "Output file: $OUTPUT_FILE" echo_info "File size: $(du -h "$ENCRYPTED_FILE" | cut -f1)" echo "" echo_warn "You will be prompted for the encryption passphrase" echo_warn "This is the ENCRYPTION_PASSPHRASE from bc-backup.conf" echo "" # Decrypt the file if gpg \ --decrypt \ --output "$OUTPUT_FILE" \ "$ENCRYPTED_FILE"; then echo "" echo_info "=========================================" echo_info "Decryption completed successfully!" echo_info "=========================================" echo_info "Decrypted file: $OUTPUT_FILE" echo_info "File size: $(du -h "$OUTPUT_FILE" | cut -f1)" echo "" echo_info "Next steps for restoration:" echo "" echo "1. Install SqlPackage (if not already installed):" echo " Download from: https://learn.microsoft.com/en-us/sql/tools/sqlpackage/sqlpackage-download" echo "" echo "2. Create or identify target Azure SQL Database" echo "" echo "3. Import the BACPAC:" echo " sqlpackage /a:Import \\" echo " /sf:$OUTPUT_FILE \\" echo " /tsn:your-server.database.windows.net \\" echo " /tdn:RestoredBCDatabase \\" echo " /tu:admin \\" echo " /tp:YourPassword" echo "" echo "4. Contact Microsoft Support to connect BC to the restored database" echo "" exit 0 else echo "" echo_error "Decryption failed!" echo_error "Possible causes:" echo " - Incorrect passphrase" echo " - Corrupted encrypted file" echo " - File is not GPG-encrypted" exit 1 fi