From 04b21c85f3063654a888d3917cd7ed4689744230 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 14 Jul 2024 09:52:12 -0300 Subject: Fix: docs: notes on encrypted backups --- docs/backups.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/backups.md b/docs/backups.md index d645207..b5f19c6 100644 --- a/docs/backups.md +++ b/docs/backups.md @@ -155,7 +155,13 @@ This may be the ultimate disaster recovery kit for your Hydra! ## Restore -Examples according to the software used to make the backup. +Having backup data leaked is a serious security issue, and that's why we +encrypt backups. +But losing access to the encrypted material is data loss, so it's important +to make sure in advance that we can get back the material. + +Procedures vary, and the following examples are sorted according to the +software used to make the backup. ### Duplicity @@ -196,6 +202,15 @@ Note on backup keys: encrypted-storage workstations_ (recommendation is to not do this on the remote repository). +Just to be sure, let's emphasize Borg's own recommendation: + +> IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo! +> +> If you used a repokey mode, the key is stored in the repo, but you should +> back it up separately. +> Use "borg key export" to export the key, optionally in printable format. +> Write down the passphrase. Store both at safe place(s). + [Borg]: https://www.borgbackup.org/ [Puppet]: https://www.puppet.com/ [not possible anymore]: https://github.com/borgbackup/borg/issues/7047 -- cgit v1.2.3