MokoConsulting/MokoSuiteBackup
1
0
Fork 0
Code Issues 3 Pull Requests Packages Releases 2 Wiki Activity

feat: SFTP remote storage with key file auth + CLI restore options #94

Merged
jmiller merged 1 commits from feat/sftp-keyfile into main 2026-06-23 13:22:29 +00:00
Conversation 0 Commits 1 Files Changed 11
+389 -1
jmiller commented 2026-06-23 13:21:45 +00:00
Owner
Copy Link
Copy Source

Summary

SFTP Remote Storage

New sftp remote storage type using system scp/ssh binaries with SSH key authentication.

Key storage: Private key is pasted into a textarea in the profile form and stored as MEDIUMTEXT in #__mokosuitebackup_profiles. At upload time, the key is written to a temp file with 0600 permissions, used for the SCP transfer, then deleted. No key files left on disk.

Authentication: Supports key file (primary) or password fallback. Key passphrase field available but requires ssh-agent for encrypted keys.

Profile fields: host, port, username, password, key textarea, passphrase, remote path — all conditionally shown via showon="remote_storage:sftp".

CLI Restore Options

mokosuitebackup:restore now supports:

  • --files-only — restore files without touching database
  • --db-only — restore database without touching files
  • --no-preserve-config — overwrite configuration.php
  • --password — decryption password for encrypted archives

Integration

  • BackupEngine + SteppedBackupEnginesftp in createUploader() match
  • PreflightCheck — validates SFTP host, username, key/password
  • API credential masking — SFTP fields included
  • SQL migration 01.35.00.sql — 7 new columns

Test Plan

  • Configure SFTP profile with key file → backup uploads via SCP
  • Configure SFTP with password → backup uploads via SCP
  • Missing SFTP host shows preflight warning
  • API profiles endpoint masks sftp_key_data and sftp_password
  • CLI: mokosuitebackup:restore 1 --files-only restores files only
  • CLI: mokosuitebackup:restore 1 --db-only restores DB only
## Summary ### SFTP Remote Storage New `sftp` remote storage type using system `scp`/`ssh` binaries with SSH key authentication. **Key storage**: Private key is pasted into a textarea in the profile form and stored as `MEDIUMTEXT` in `#__mokosuitebackup_profiles`. At upload time, the key is written to a temp file with `0600` permissions, used for the SCP transfer, then deleted. No key files left on disk. **Authentication**: Supports key file (primary) or password fallback. Key passphrase field available but requires ssh-agent for encrypted keys. **Profile fields**: host, port, username, password, key textarea, passphrase, remote path — all conditionally shown via `showon="remote_storage:sftp"`. ### CLI Restore Options `mokosuitebackup:restore` now supports: - `--files-only` — restore files without touching database - `--db-only` — restore database without touching files - `--no-preserve-config` — overwrite configuration.php - `--password` — decryption password for encrypted archives ### Integration - `BackupEngine` + `SteppedBackupEngine` — `sftp` in `createUploader()` match - `PreflightCheck` — validates SFTP host, username, key/password - API credential masking — SFTP fields included - SQL migration `01.35.00.sql` — 7 new columns ## Test Plan - [ ] Configure SFTP profile with key file → backup uploads via SCP - [ ] Configure SFTP with password → backup uploads via SCP - [ ] Missing SFTP host shows preflight warning - [ ] API profiles endpoint masks sftp_key_data and sftp_password - [ ] CLI: `mokosuitebackup:restore 1 --files-only` restores files only - [ ] CLI: `mokosuitebackup:restore 1 --db-only` restores DB only
jmiller added the component: enginecomponent: remote labels 2026-06-23 13:21:45 +00:00
jmiller added 1 commit 2026-06-23 13:21:46 +00:00
feat: SFTP remote storage with key file auth + CLI restore options
Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions
Details
Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions
Details
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Details
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Details
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Details
Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 7s
Details
Joomla: Extension CI / Lint & Validate (pull_request) Failing after 13s
Details
Universal: PR Check / Secret Scan (pull_request) Successful in 9s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Generic: Repo Health / Access control (pull_request) Successful in 2s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 9s
Details
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Details
Branch Cleanup / Delete merged branch (pull_request) Failing after 1s
Details
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Details
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 34s
Details
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 3s
Details
Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 27s
Details
f66100f74f 
SFTP support:
- SftpUploader uses system scp/ssh binaries with key file auth
- Private key stored as MEDIUMTEXT in profile table (sftp_key_data)
- Key written to temp file (0600) at upload time, deleted after
- Profile form: host, port, username, password, key textarea,
  passphrase, remote path — all with showon="remote_storage:sftp"
- SQL migration for 7 new SFTP columns
- Wired into BackupEngine, SteppedBackupEngine, PreflightCheck
- API credential masking includes SFTP fields

CLI restore options:
- --files-only: restore files without touching database
- --db-only: restore database without touching files
- --no-preserve-config: overwrite configuration.php
- --password: decryption password for encrypted archives
jmiller merged commit bc3085f74b into main 2026-06-23 13:22:29 +00:00
jmiller deleted branch feat/sftp-keyfile 2026-06-23 13:22:30 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
component: admin
Admin UI and views
 component: api
REST API
 component: engine
Backup/restore engine
 component: remote
Remote storage (FTP/GDrive)
 component: scheduler
Scheduled tasks
No labels component: engine component: remote
Priority -
Type -
Milestone
No items
No Milestone
Assignees
Clear assignees
jmiller (Jonathan Miller)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteBackup#94
Delete Branch "feat/sftp-keyfile"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?