aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2024-07-14 09:52:12 -0300
committerSilvio Rhatto <rhatto@riseup.net>2024-07-14 09:52:12 -0300
commit04b21c85f3063654a888d3917cd7ed4689744230 (patch)
tree1b566f32310c1a876889cc3b0c848380c10f2d9f
parent4830ac4947a0e273e9bea61fc17533ab695d0c72 (diff)
downloadhydra-04b21c85f3063654a888d3917cd7ed4689744230.tar.gz
hydra-04b21c85f3063654a888d3917cd7ed4689744230.tar.bz2
Fix: docs: notes on encrypted backups
-rw-r--r--docs/backups.md17
1 files changed, 16 insertions, 1 deletions
diff --git a/docs/backups.md b/docs/backups.md
index d645207..b5f19c6 100644
--- a/docs/backups.md
+++ b/docs/backups.md
@@ -155,7 +155,13 @@ This may be the ultimate disaster recovery kit for your Hydra!
## Restore
-Examples according to the software used to make the backup.
+Having backup data leaked is a serious security issue, and that's why we
+encrypt backups.
+But losing access to the encrypted material is data loss, so it's important
+to make sure in advance that we can get back the material.
+
+Procedures vary, and the following examples are sorted according to the
+software used to make the backup.
### Duplicity
@@ -196,6 +202,15 @@ Note on backup keys:
encrypted-storage workstations_ (recommendation is to not do this on the remote
repository).
+Just to be sure, let's emphasize Borg's own recommendation:
+
+> IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
+>
+> If you used a repokey mode, the key is stored in the repo, but you should
+> back it up separately.
+> Use "borg key export" to export the key, optionally in printable format.
+> Write down the passphrase. Store both at safe place(s).
+
[Borg]: https://www.borgbackup.org/
[Puppet]: https://www.puppet.com/
[not possible anymore]: https://github.com/borgbackup/borg/issues/7047