[Borgbackup] What's the least amount of data necessary to access repos?
Thomas Waldmann
tw at waldmann-edv.de
Sat Jul 10 10:10:46 EDT 2021
> I've currently setup some borg repos using the "keyfile" encryption
> method. From my understanding this forces me to maintain the used
> password during "init" AND additionally the generated keyfiles to be
> able to access the repo.
To decrypt data from an encrypted borg repo, you always need the borg
AES key AND (because that key is protected by another layer of
encryption) the passphrase for that key.
The only difference between repokey and keyfile is where the key is stored:
In the repo dir (repo/config file) vs. in the home dir.
You can easily lose the home dir, e.g. if the machine is stolen or the
disk dies.
But you could also lose they key inside the repo dir (e.g. due to a hw
issue, fs issue, sw bug, ...) and it would be painful to still have
repodir/data but no key to decrypt.
So, you want to have a key backup for both cases and also not lose the
passphrase.
borg key export --qr-html repo1 key-repo1.html
and then open key-repo1.html with a browser and print the page.
the passphrase is intentionally NOT included in the printed data.
More information about the Borgbackup
mailing list