Add metadata for Encrypted Backups

[akankshamahajan15]

This PR adds file_level_encryption metadata file in properties folder inside backup directory during backup creation that contains whether backup files are encrypted or not. It contains 0 or 1.

• It also excludes encryption of other metadata files in properties to keep it consistent and avoid conflicts for fdbackup describe and fdbrestore code path.

• fdbbackup describe shows file level encryption as:

/root/build_output/bin/fdbbackup describe \
  -C /root/backup_testing/s3.1375969.x1Cq/loopback_cluster/fdb.cluster \
  -d 'blobstore://@s3.us-west-2.amazonaws.com/ctests/test_s3_backup_and_restore?bucket=backup-112664522426-us-west-2&region=us-west-2&secure_connection=1' \
  --blob-credentials /root/backup_testing/s3.1375969.x1Cq/s3_blob_credentials.json

URL: blobstore://@s3.us-west-2.amazonaws.com/ctests/test_s3_backup_and_restore?bucket=backup-112664522426-us-west-2&region=us-west-2&secure_connection=1
Restorable: true
Partitioned logs: false
File-level encryption: true
Snapshot:  startVersion=2885055 (maxLogEnd -0.01 days)  endVersion=2885055 (maxLogEnd -0.01 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=37864784 (maxLogEnd -0.01 days)  endVersion=37864784 (maxLogEnd -0.01 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=45425962 (maxLogEnd -0.01 days)  endVersion=45425962 (maxLogEnd -0.01 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=156694954 (maxLogEnd -0.00 days)  endVersion=156694954 (maxLogEnd -0.00 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=248468490 (maxLogEnd -0.00 days)  endVersion=248468490 (maxLogEnd -0.00 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=320434215 (maxLogEnd -0.00 days)  endVersion=320434215 (maxLogEnd -0.00 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=420432091 (maxLogEnd -0.00 days)  endVersion=420432091 (maxLogEnd -0.00 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=430205075 (maxLogEnd -0.00 days)  endVersion=430205075 (maxLogEnd -0.00 days)  totalBytes=4293  restorable=true  expiredPct=0.00
Snapshot:  startVersion=466333855 (maxLogEnd -0.00 days)  endVersion=466333855 (maxLogEnd -0.00 days)  totalBytes=4293  restorable=true  expiredPct=0.00
SnapshotBytes: 38637
MinLogBeginVersion:      2728726 (maxLogEnd -0.01 days)
ContiguousLogEndVersion: 522728726 (maxLogEnd -0.00 days)
MaxLogEndVersion:        522728726 (maxLogEnd -0.00 days)
MinRestorableVersion:    2885055 (maxLogEnd -0.01 days)
MaxRestorableVersion:    522728725 (maxLogEnd -0.00 days)

Testing

• Fixed existing simulations test.
  100k correctness test (Completed)
  20250909-173704-ak_bkup1-fd31f1ec86ab12af compressed=True data_size=41538538 duration=6039823 ended=100000 fail=1 fail_fast=10 max_runs=100000 pass=99999 priority=100 remaining=0 runtime=1:30:32 sanity=False started=100000 stopped=20250909-190736 submitted=20250909-173704 timeout=5400 username=ak_bkup1

One failure in RandomSeed="905797951" SourceVersion="161fa8060c161b6e36e5ad1abb78b3f4c3ef9686" Time="1757442771" BuggifyEnabled="1" DeterminismCheck="0" FaultInjectionEnabled="1" TestFile="tests/slow/FastTriggeredWatches.toml" - Not related to this change or backup/restore

• Ran ctest s3_backup_test.sh which showed error when key is not provided during restore and vice versa and succesfully completes when there is no conflict.

@-- RESPONSE CONTENT--

--------

ERROR: Backup is encrypted, please provide the encryption key file path.
ERROR: Restore error
Fatal Error: Restore error
+ err 'Start fdbrestore failed'
++ date -Iseconds
+ echo '2025-09-08T19:07:54+00:00 ERROR: Start fdbrestore failed'
2025-09-08T19:07:54+00:00 ERROR: Start fdbrestore failed
+ return 1

NOTE:
It throws error when backup is not encrypted and during restore encryption is passed. It can be changed in separate PR if needed as it's not straightforward and container is opened with encryption key and encryption parameters are set before it reads metadata.

Code-Reviewer Section

The general pull request guidelines can be found here.

Please check each of the following things and check all boxes before accepting a PR.

• The PR has a description, explaining both the problem and the solution.
• The description mentions which forms of testing were done and the testing seems reasonable.
• Every function/class/actor that was touched is reasonably well documented.

For Release-Branches

If this PR is made against a release-branch, please also check the following:

• This change/bugfix is a cherry-pick from the next younger branch (younger release-branch or main if this is the youngest branch)
• There is a good reason why this PR needs to go into a release branch and this reason is documented (either in the description above or in a linked GitHub issue)

[foundationdb-ci]

Result of foundationdb-pr-clang-ide on Linux RHEL 9

• Commit ID: 046a9fb
• Duration 0:04:20
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-arm on Linux CentOS 7

• Commit ID: 046a9fb
• Duration 0:04:27
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr on Linux RHEL 9

• Commit ID: 046a9fb
• Duration 0:04:47
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

• Commit ID: 046a9fb
• Duration 0:04:56
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)
• Cluster Test Logs zip file of the test logs (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang on Linux RHEL 9

• Commit ID: 046a9fb
• Duration 0:05:02
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr on Linux RHEL 9

• Commit ID: 60993cb
• Duration 0:04:29
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-ide on Linux RHEL 9

• Commit ID: 60993cb
• Duration 0:04:28
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang on Linux RHEL 9

• Commit ID: 60993cb
• Duration 0:04:30
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

• Commit ID: 60993cb
• Duration 0:04:36
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)
• Cluster Test Logs zip file of the test logs (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-arm on Linux CentOS 7

• Commit ID: 60993cb
• Duration 0:04:54
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

• Commit ID: 60993cb
• Duration 0:40:19
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-macos on macOS Ventura 13.x

• Commit ID: 60993cb
• Duration 1:02:41
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr on Linux RHEL 9

• Commit ID: 3bbfad1
• Duration 0:04:20
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-ide on Linux RHEL 9

• Commit ID: 3bbfad1
• Duration 0:04:21
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang on Linux RHEL 9

• Commit ID: 3bbfad1
• Duration 0:04:22
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-arm on Linux CentOS 7

• Commit ID: 3bbfad1
• Duration 0:04:36
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

• Commit ID: 3bbfad1
• Duration 0:04:53
• Result: ❌ FAILED
• Error: Error while executing command: if [[ $(git diff --shortstat 2> /dev/null | tail -n1) == "" ]]; then echo "CODE FORMAT CLEAN"; else echo "CODE FORMAT NOT CLEAN"; echo; echo "THE FOLLOWING FILES NEED TO BE FORMATTED"; echo; git ls-files -m; echo; if [[ $FDB_VERSION =~ 7\.\3. ]]; then echo skip; else exit 1; fi; fi. Reason: exit status 1
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)
• Cluster Test Logs zip file of the test logs (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

• Commit ID: 3bbfad1
• Duration 0:40:05
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-ide on Linux RHEL 9

• Commit ID: e2627ea
• Duration 0:29:58
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

• Commit ID: e2627ea
• Duration 0:39:23
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-arm on Linux CentOS 7

• Commit ID: e2627ea
• Duration 0:49:59
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-cluster-tests on Linux RHEL 9

• Commit ID: e2627ea
• Duration 1:14:54
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)
• Cluster Test Logs zip file of the test logs (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang on Linux RHEL 9

• Commit ID: e2627ea
• Duration 1:19:07
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr on Linux RHEL 9

• Commit ID: e2627ea
• Duration 1:20:30
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[neethuhaneesha]

LGTM! Thanks!

May be in a different PR, there should be some encryption unit tests, add these checks of not passing encryption file and validating the errors

[neethuhaneesha]

Were the properties file previously encrypted?

[akankshamahajan15]

Yes, initially they were encrypted.
So if fdbbackup describe is called from command line then no encryption of properties and
and if fdbrestore is called then properties are encrypted.