diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2024-07-14 09:52:12 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2024-07-14 09:52:12 -0300 |
commit | 04b21c85f3063654a888d3917cd7ed4689744230 (patch) | |
tree | 1b566f32310c1a876889cc3b0c848380c10f2d9f /docs/backups.md | |
parent | 4830ac4947a0e273e9bea61fc17533ab695d0c72 (diff) | |
download | hydra-04b21c85f3063654a888d3917cd7ed4689744230.tar.gz hydra-04b21c85f3063654a888d3917cd7ed4689744230.tar.bz2 |
Fix: docs: notes on encrypted backups
Diffstat (limited to 'docs/backups.md')
-rw-r--r-- | docs/backups.md | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/docs/backups.md b/docs/backups.md index d645207..b5f19c6 100644 --- a/docs/backups.md +++ b/docs/backups.md @@ -155,7 +155,13 @@ This may be the ultimate disaster recovery kit for your Hydra! ## Restore -Examples according to the software used to make the backup. +Having backup data leaked is a serious security issue, and that's why we +encrypt backups. +But losing access to the encrypted material is data loss, so it's important +to make sure in advance that we can get back the material. + +Procedures vary, and the following examples are sorted according to the +software used to make the backup. ### Duplicity @@ -196,6 +202,15 @@ Note on backup keys: encrypted-storage workstations_ (recommendation is to not do this on the remote repository). +Just to be sure, let's emphasize Borg's own recommendation: + +> IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo! +> +> If you used a repokey mode, the key is stored in the repo, but you should +> back it up separately. +> Use "borg key export" to export the key, optionally in printable format. +> Write down the passphrase. Store both at safe place(s). + [Borg]: https://www.borgbackup.org/ [Puppet]: https://www.puppet.com/ [not possible anymore]: https://github.com/borgbackup/borg/issues/7047 |