[Borgbackup] Prune encrypted repository without the key
Thomas Waldmann
tw at waldmann-edv.de
Sun Mar 13 16:49:43 EDT 2022
> Is it possible to prune an encrypted repository without having its key
> (and/or passphrase: the credentials) ?
borg prune: no
borg compact: yes
starting with borg 1.2, the compaction is separate from the pruning.
for borg < 1.2, compaction is done at the end of borg prune.
> with the --append-only options added to borg serve (thus if an attacker
> has access to the server A, he cannot delete backups).
>
> However, I would like to let the "storage policy" to the third-party
> members: if a member has only few storage space, he will only keep the
> backups of the 7 last days; if a member has lot of storage space, he can
> keep the last two months of backups. This supposes to let the
> third-party members run the borg prune command from their servers, on
> the repository which is encrypted.
If you can't read the repo, how would you be able to decide what to
delete? It's all encrypted.
Also, if you use append only, borg prune will only logically delete
archives, but not free space. borg compact will just not do anything.
More information about the Borgbackup
mailing list