Use BORG_CRED

This commit is contained in:
cvlc12 2024-09-24 04:45:26 +00:00
parent c2c8af5df1
commit fdd33947e4
3 changed files with 21 additions and 2 deletions

View File

@ -233,6 +233,9 @@ properties:
encryption_passcommand and encryption_passphrase are set, then
encryption_passphrase takes precedence. Defaults to not set.
example: "secret-tool lookup borg-repository repo-name"
description: |
Uncomment to use an encrypted systemd service credential (/etc/credstore.encrypted/borgpw).
example: "cat ${BORG_CRED}"
encryption_passphrase:
type: string
description: |

View File

@ -29,6 +29,22 @@ For example, to ask the *Pass* password manager to provide the passphrase:
encryption_passcommand: pass path/to/borg-repokey
```
### Using systemd service credentials
Borgmatic supports using [credentials](https://systemd.io/CREDENTIALS/).
Save your password as an encrypted credential to `/etc/credstore.encrypted/borgpw`:
```
# systemd-ask-password -n | systemd-creds encrypt - /etc/credstore.encrypted/borgpw
```
Then uncomment or use the following in your configuration file:
```yaml
encryption_passcommand: "cat ${BORG_CRED}"
```
### Environment variable interpolation
<span class="minilink minilink-addedin">New in version 1.6.4</span> borgmatic

View File

@ -10,8 +10,8 @@ ConditionACPower=true
Type=oneshot
# Load encrypted credentials
LoadCredentialEncrypted=borgpw
Environment=BORG_PASSCOMMAND="cat %d/borgpw"
LoadCredentialEncrypted=borgpw
Environment=BORG_CRED="%d/borgpw"
# Security settings for systemd running as root, optional but recommended to improve security. You
# can disable individual settings if they cause problems for your use case. For more details, see