borgmatic-collective/borgmatic
borgmatic-collective/borgmatic
9
74
Fork 54
Code Issues 54 Pull requests 4 Releases 159 Packages 1 Activity Actions 1

Repo Key export / import #345

New issue
Closed
opened 2020-07-29 00:52:31 +00:00 by CCDKP · 11 comments
CCDKP commented 2020-07-29 00:52:31 +00:00
Copy link

What I'm trying to do and why

Export remote repo keys to facilitate disaster recovery. Import remote repo keys in the event of a recovery operation.

It would be nice to run one command and have it export (or import) the keys for all configured repos.

See borg documentation for borg key export and borg key import

Other notes / implementation ideas

It would be nice to just get a single file (tar? gpg encrypted tar?) out that contains the borgmatic config, as well as the neccessary key files, and maybe even the ssh key. This single, small, file could be manually backed up once. In the event of a disaster recovery, a user would be able to import this recovery file to bootstrap borgmatic, so it could contact the remote repos to restore backups.

Environment

borgmatic version: 1.5.1

borgmatic installation method: Ubuntu Focal package

Borg version: 1.1.11

Python version: 3.8.2

operating system and version: Ubuntu Focal (20.04)

#### What I'm trying to do and why Export remote repo keys to facilitate disaster recovery. Import remote repo keys in the event of a recovery operation. It would be nice to run one command and have it export (or import) the keys for all configured repos. See borg documentation for `borg key export` and `borg key import` #### Other notes / implementation ideas It would be nice to just get a single file (tar? gpg encrypted tar?) out that contains the borgmatic config, as well as the neccessary key files, and maybe even the ssh key. This single, small, file could be manually backed up once. In the event of a disaster recovery, a user would be able to import this recovery file to bootstrap borgmatic, so it could contact the remote repos to restore backups. #### Environment **borgmatic version:** 1.5.1 **borgmatic installation method:** Ubuntu Focal package **Borg version:** 1.1.11 **Python version:** 3.8.2 **operating system and version:** Ubuntu Focal (20.04)
witten commented 2020-07-29 03:09:25 +00:00
Owner
Copy link

Interesting idea! I wasn't even aware of this Borg feature. If it's expanded to include borgmatic config, the command should probably be called something more generic than borgmatic key import. Maybe something like borgmatic bootstrap.

Anyway, if implementing this as a tarball as you suggest, it would probably play nicely with the standard Borg key export/import format. But maybe not so much with the --paper and --qr-html formats. So I could see wrapping those but not including borgmatic config with them.

Interesting idea! I wasn't even aware of this Borg feature. If it's expanded to include borgmatic config, the command should probably be called something more generic than `borgmatic key import`. Maybe something like `borgmatic bootstrap`. Anyway, if implementing this as a tarball as you suggest, it would probably play nicely with the standard Borg key export/import format. But maybe not so much with the `--paper` and `--qr-html` formats. So I could see wrapping those but not including borgmatic config with them.
satwell commented 2020-10-21 00:19:50 +00:00
Contributor
Copy link

I came across this because I'm also interested in running borg key export and borg key import to back up and restore keyfiles.

I'd be perfectly happy to run the borg commands directly, but it's tedious to convert all the options from the borgmatic YAML config into borg options. Maybe borgmatic could have a more generic borg command that would just set all the various environment variables like BORG_PASSPHRASE, BORG_RSH, BORG_BASE_DIR, etc., and then call borg with exactly the options you provide. So that you'd end up with a command like:

borgmatic borg key export --paper /path/to/repo
I came across this because I'm also interested in running `borg key export` and `borg key import` to back up and restore keyfiles. I'd be perfectly happy to run the `borg` commands directly, but it's tedious to convert all the options from the borgmatic YAML config into borg options. Maybe borgmatic could have a more generic `borg` command that would just set all the various environment variables like `BORG_PASSPHRASE`, `BORG_RSH`, `BORG_BASE_DIR`, etc., and then call `borg` with exactly the options you provide. So that you'd end up with a command like: ``` borgmatic borg key export --paper /path/to/repo ```
witten commented 2020-10-21 16:58:01 +00:00
Owner
Copy link

Interesting idea! Thanks for the suggestion. A borg action could make a lot of sense, even for certain actions that borgmatic supports natively.

Interesting idea! Thanks for the suggestion. A `borg` action could make a lot of sense, even for certain actions that borgmatic supports natively.
jose1711 commented 2021-05-22 12:27:36 +00:00
Copy link

FWIW I am a vorta user and kinda had a similar idea but focusing on paper export (b/c I find paper much more reliable for long-time storage). Here is a quick and dirty implementation using couple external programs: https://github.com/borgbase/vorta/discussions/986

FWIW I am a [vorta](https://github.com/borgbase/vorta/) user and kinda had a similar idea but focusing on paper export (b/c I find paper much more reliable for long-time storage). Here is a quick and dirty implementation using couple external programs: https://github.com/borgbase/vorta/discussions/986
👍 1
persal commented 2022-03-31 10:06:01 +00:00
Copy link

We are using
borg 1.2.0
borgmatic 1.5.24

It is possible to run borgmatic borg .... commands in the version we are using, but we cannot get the key export to work. Is it possible to do with this version of borgmatic?

We have tried different ways, among others:

borgmatic borg key export
borgmatic borg key export --paper
borgmatic borg key export --paper <path to repo>
borgmatic borg key export --paper key.txt
borgmatic borg key export --paper <path to repo> key.txt

borgmatic borg 'key export'
We are using borg 1.2.0 borgmatic 1.5.24 It is possible to run `borgmatic borg ....` commands in the version we are using, but we cannot get the key export to work. Is it possible to do with this version of borgmatic? We have tried different ways, among others: ``` borgmatic borg key export borgmatic borg key export --paper borgmatic borg key export --paper <path to repo> borgmatic borg key export --paper key.txt borgmatic borg key export --paper <path to repo> key.txt borgmatic borg 'key export' ```
witten commented 2022-04-23 21:09:37 +00:00
Owner
Copy link

Looks like borgmatic borg key export is covered by #515!

Looks like `borgmatic borg key export` is covered by #515!
witten commented 2023-08-14 19:58:42 +00:00
Owner
Copy link

Export is done and released in borgmatic 1.8.2: borgmatic key export. Key import is still to-do, so I'll leave this open.

Export is done and released in borgmatic 1.8.2: `borgmatic key export`. Key import is still to-do, so I'll leave this open.
120EE0980 commented 2025-03-16 09:01:35 +00:00
Contributor
Copy link

I would like to work on key import and also this will make me familiar with GSOC-idea.

I would like to work on key import and also this will make me familiar with [GSOC-idea]([url](https://github.com/borgbase/vorta/wiki/Google-Summer-of-Code-2025-Ideas#wrap-all-borg-sub-commands-with-borgmatic-actions)).
witten commented 2025-03-16 21:28:43 +00:00
Owner
Copy link

Great! I think it should be pretty straightforward, but please let me know if you have any questions along the way.

Great! I think it should be pretty straightforward, but please let me know if you have any questions along the way.
👍 1
witten commented 2025-03-21 21:26:15 +00:00
Owner
Copy link

key import has been implemented by @120EE0980 in main and will be part of the next release!

`key import` has been implemented by @120EE0980 in main and will be part of the next release!
witten commented 2025-04-06 15:46:44 +00:00
Owner
Copy link

Released in borgmatic 2.0.0!

Released in borgmatic 2.0.0!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
command-hook-steps
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.9.14
1.9.13
1.9.12
1.9.11
1.9.10
1.9.9
1.9.8
1.9.7
1.9.6
1.9.5
1.9.4
1.9.3
1.9.2
1.9.1
1.9.0
1.8.14
1.8.13
1.8.12
1.8.11
1.8.10
1.8.9
1.8.8
1.8.7
1.8.6
1.8.5
1.8.4
1.8.3
1.8.2
1.8.1
1.8.0
1.7.15
1.7.14
1.7.13
1.7.12
1.7.11
1.7.10
1.7.9
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.24
1.5.23
1.5.22
1.5.21
1.5.20
1.5.19
1.5.18
1.5.17
1.5.16
1.5.15
1.5.14
1.5.13
1.5.12
1.5.11
1.5.10
1.5.9
1.5.8
1.5.7
1.5.7.dev0
1.5.6
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.5.0
1.4.22
1.4.21
1.4.20
1.4.19
1.4.18
1.4.17
1.4.16
1.4.15
1.4.14
1.4.13
1.4.12
1.4.11
1.4.10
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.21
1.3.20
1.3.19
1.3.18
1.3.17
1.3.16
1.3.15
1.3.14
1.3.13
1.3.12
1.3.11
1.3.10
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.18
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.15
1.1.14
1.1.13
1.1.12
1.1.11
1.1.10
1.1.9
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0
0.1.8
0.1.7
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0
0.0.7
0.0.6
0.0.5
0.0.4
0.0.3
0.0.2
Labels
Clear labels   
blocked

   
breaking

   
bug

   
data loss

   
design finalized

   
good first issue

   
new feature area

   
question / support

   
security

   
waiting for response
No labels
blocked
breaking
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
borgmatic-collective/borgmatic#345
No description provided.