[Borgbackup] What's the least amount of data necessary to access repos?

Thomas Waldmann tw at waldmann-edv.de
Sat Jul 10 10:10:46 EDT 2021


> I've currently setup some borg repos using the "keyfile" encryption
> method. From my understanding this forces me to maintain the used
> password during "init" AND additionally the generated keyfiles to be
> able to access the repo.

To decrypt data from an encrypted borg repo, you always need the borg 
AES key AND (because that key is protected by another layer of 
encryption) the passphrase for that key.

The only difference between repokey and keyfile is where the key is stored:

In the repo dir (repo/config file) vs. in the home dir.

You can easily lose the home dir, e.g. if the machine is stolen or the 
disk dies.

But you could also lose the key inside the repo dir (e.g. due to a hw 
issue, fs issue, sw bug, ...) and it would be painful to still have 
repodir/data but no key to decrypt.

So, you want to have a key backup for both cases and also not lose the 
passphrase.

borg key export --qr-html repo1 key-repo1.html

and then open key-repo1.html with a browser and print the page.

The passphrase is intentionally NOT included in the printed data.
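
An added example, not part of the original message and not borg's own code: a small Python audit that reports, per repository, whether the key sits in repo/config (repokey) or in a keyfile directory, and whether a plain `borg key export` copy exists somewhere else. The INI layout of repo/config, the `BORG_KEY <repo id>` first line, and all directory names are assumptions; a printed `--qr-html` page is not detected by it.

```python
# Added example, not borg's own code. Assumed layout: repo/config is an INI file
# whose [repository] section holds "id" and, in repokey mode, "key"; keyfiles
# and plain "borg key export" files start with a "BORG_KEY <repo id>" line.
import configparser
import tempfile
from pathlib import Path

def repo_info(repo_dir):
    """Return (repo_id, has_repokey) read from repo/config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(Path(repo_dir) / "config")
    sect = cfg["repository"]
    return sect["id"], bool(sect.get("key", "").strip())

def keys_for(repo_id, directory):
    """Names of files in `directory` whose first line names this repo's key."""
    directory = Path(directory)
    if not directory.is_dir():
        return []
    found = []
    for path in sorted(p for p in directory.iterdir() if p.is_file()):
        with open(path, errors="replace") as fh:
            if fh.readline().split() == ["BORG_KEY", repo_id]:
                found.append(path.name)
    return found

def audit(repo_dir, keys_dir, backup_dir):
    """Where the key lives, and whether a copy exists outside both places."""
    repo_id, has_repokey = repo_info(repo_dir)
    keyfiles = keys_for(repo_id, keys_dir)
    mode = "repokey" if has_repokey else "keyfile" if keyfiles else "KEY MISSING"
    return {"mode": mode, "backed_up": bool(keys_for(repo_id, backup_dir))}

def demo():
    """Constructed sample: repo1 uses repokey, repo2 uses keyfile with an export."""
    root = Path(tempfile.mkdtemp())
    for name in ("repo1", "repo2", "keys", "backup"):
        (root / name).mkdir()
    ids = {"repo1": "aa" * 32, "repo2": "bb" * 32}  # constructed repo ids
    (root / "repo1/config").write_text(
        f"[repository]\nversion = 1\nid = {ids['repo1']}\nkey = Y29uc3RydWN0ZWQ=\n")
    (root / "repo2/config").write_text(f"[repository]\nversion = 1\nid = {ids['repo2']}\n")
    for d in ("keys", "backup"):
        (root / d / "repo2.key").write_text(f"BORG_KEY {ids['repo2']}\nY29uc3RydWN0ZWQ=\n")
    return {r: audit(root / r, root / "keys", root / "backup") for r in ids}

if __name__ == "__main__":
    for repo, result in demo().items():
        print(repo, result)
```

In the constructed sample, repo1 (repokey) has no copy outside the repo dir, which is the case the message warns about; the passphrase is a separate item that no such check can verify.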


