Introducing cloudsql-exporter
Truffle Security takes great care not to store credentials that we find in TruffleHog Enterprise, but the product’s databases still contain business-critical information that we need to provide our service, and we have taken care to protect it from disasters by making offsite backups.
We're excited to announce the release of cloudsql-exporter, an open source tool that allows you to easily export your Cloud SQL databases in a given Google Cloud Platform (GCP) project to a Google Cloud Storage (GCS) bucket.
Not only does cloudsql-exporter support automatic enumeration of Cloud SQL instances and their databases within a project, but it can also ensure that the correct IAM role bindings are in place for a successful export. This means you can have peace of mind that your data is being securely and efficiently transferred to GCS.
But why might you want to use cloudsql-exporter in addition to the built-in Cloud SQL backup functionality? Cloud SQL backups are tied to the Cloud SQL instance, meaning that if the instance itself is deleted, the backups are deleted as well. Similarly, if the GCP project is deleted, both the instance and the backups will be deleted. By exporting your database to a separate GCS bucket, preferably in another GCP project within another account, you can provide extra assurance of data retention in these scenarios. Additionally, you have much more control over data retention when using cloudsql-exporter.
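The steps described above (enumerate instances and databases, bind the instance's service account on the destination bucket, export), done by hand with `gcloud` and `gsutil` for one project. This is an added example, not cloudsql-exporter's code or command-line interface; the project and bucket names, the object path layout and the MySQL system-schema filter are assumptions.

```shell
#!/usr/bin/env bash
# Added example: manual gcloud/gsutil equivalent; not cloudsql-exporter code.
# DRY_RUN=1 (default) prints each command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# MySQL system schemas that are not worth exporting (assumed filter).
is_system_db() {
  case "$1" in
    mysql|information_schema|performance_schema|sys) return 0 ;;
    *) return 1 ;;
  esac
}

# Bind the instance's service account on the bucket only (not project-wide),
# then export each database to its own timestamped, gzip-compressed object.
# usage: export_instance PROJECT BUCKET INSTANCE SERVICE_ACCOUNT STAMP DB...
export_instance() {
  local project="$1" bucket="$2" instance="$3" sa="$4" stamp="$5" db
  shift 5
  run gsutil iam ch "serviceAccount:${sa}:objectAdmin" "gs://${bucket}"
  for db in "$@"; do
    is_system_db "$db" && continue
    run gcloud sql export sql "$instance" \
      "gs://${bucket}/${project}/${instance}/${db}-${stamp}.sql.gz" \
      --database="$db" --project="$project"
  done
}

# Enumerate every instance and its databases in PROJECT (requires gcloud).
# usage: export_project PROJECT BUCKET
export_project() {
  local project="$1" bucket="$2" stamp instance sa dbs
  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  for instance in $(gcloud sql instances list --project="$project" --format='value(name)'); do
    sa="$(gcloud sql instances describe "$instance" --project="$project" \
      --format='value(serviceAccountEmailAddress)')"
    dbs="$(gcloud sql databases list --instance="$instance" \
      --project="$project" --format='value(name)')"
    # Unquoted on purpose: one argument per database name.
    export_instance "$project" "$bucket" "$instance" "$sa" "$stamp" $dbs
  done
}

# e.g. export_project example-prod example-offsite-backups   (placeholder names)
```

Review the dry-run output first, then set `DRY_RUN=0` to execute; the caller needs permission to change IAM on the destination bucket, which matters when that bucket lives in a different project.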
Installing cloudsql-exporter is easy. You can compile it with Go, use release binaries, run it as a Docker container, or even install it using Brew. And for those interested in automating the process, we have a wish-list item for providing a Terraform module for running cloudsql-exporter in Cloud Run on a schedule.
We hope that cloudsql-exporter will be a valuable addition to your data management toolkit. Give it a try and let us know what you think!