Load systemd encrypted credentials
parent a4b65cf710
commit 0da21cd4cb
@ -232,7 +232,10 @@ properties:
|
||||
passcommand/repokey/keyfile encryption. Note that if both
|
||||
encryption_passcommand and encryption_passphrase are set, then
|
||||
encryption_passphrase takes precedence. Defaults to not set.
|
||||
This can also be used to access an encrypted systemd service
|
||||
credential (stored in /etc/credstore.encrypted/borgpw).
|
||||
example: "secret-tool lookup borg-repository repo-name"
|
||||
example: "cat ${CREDENTIALS_DIRECTORY}/borgpw"
|
||||
encryption_passphrase:
|
||||
type: string
|
||||
description: |
|
||||
|
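Review bot: this property now carries two `example:` keys in the same mapping, `example: "secret-tool lookup borg-repository repo-name"` and `example: "cat ${CREDENTIALS_DIRECTORY}/borgpw"`. A YAML mapping cannot hold a duplicate key, so a loader will either reject the file or keep only one of the two and silently lose the other. Keep a single `example:` and describe the credential form in the description text instead. The description could also say that `CREDENTIALS_DIRECTORY` is only set when borgmatic is started by a systemd unit that loads the `borgpw` credential.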
@ -29,6 +29,22 @@ For example, to ask the *Pass* password manager to provide the passphrase:
|
||||
encryption_passcommand: pass path/to/borg-repokey
|
||||
```
|
||||
|
||||
### Using systemd service credentials
|
||||
|
||||
Borgmatic supports using [credentials](https://systemd.io/CREDENTIALS/).
|
||||
|
||||
Save your password as an encrypted credential to `/etc/credstore.encrypted/borgpw`:
|
||||
|
||||
```
|
||||
# systemd-ask-password -n | systemd-creds encrypt - /etc/credstore.encrypted/borgpw
|
||||
```
|
||||
|
||||
Then uncomment or use the following in your configuration file:
|
||||
|
||||
```yaml
|
||||
encryption_passcommand: "cat ${CREDENTIALS_DIRECTORY}/borgpw"
|
||||
```
|
||||
|
||||
### Environment variable interpolation
|
||||
|
||||
<span class="minilink minilink-addedin">New in version 1.6.4</span> borgmatic
|
||||
|
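Review bot: the new "Using systemd service credentials" section never says that `${CREDENTIALS_DIRECTORY}` exists only inside a service started with `LoadCredentialEncrypted=borgpw`, so a reader who sets this `encryption_passcommand` and then runs borgmatic from a shell gets a failing `cat`. Add a sentence tying the option to the sample service unit, and say that the file name given to `systemd-creds encrypt` has to match the credential name used in the unit. Two smaller points: the command fence is untagged while the configuration fence below it uses `yaml`, and the opening sentence "Borgmatic supports using credentials" would be clearer if it said what the credential is used for.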
@ -9,6 +9,9 @@ ConditionACPower=true
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
# Load encrypted credentials
|
||||
LoadCredentialEncrypted=borgpw
|
||||
|
||||
# Security settings for systemd running as root, optional but recommended to improve security. You
|
||||
# can disable individual settings if they cause problems for your use case. For more details, see
|
||||
# the systemd manual: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
|
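Review bot: `LoadCredentialEncrypted=borgpw` goes into the sample unit as an active line with only the comment "# Load encrypted credentials", so everyone who installs this unit gets the directive whether or not they created the credential. Either ship it commented out, or extend the comment to say that it is optional, that it expects the file at /etc/credstore.encrypted/borgpw, and that it pairs with `encryption_passcommand: "cat ${CREDENTIALS_DIRECTORY}/borgpw"`. The commit or the documentation should also state how the service behaves when that file is absent.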