Repo Key export / import #345
Loading…
x
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
Export remote repo keys to facilitate disaster recovery. Import remote repo keys in the event of a recovery operation.
It would be nice to run one command and have it export (or import) the keys for all configured repos.
See borg documentation for
borg key export
andborg key import
Other notes / implementation ideas
It would be nice to just get a single file (tar? gpg encrypted tar?) out that contains the borgmatic config, as well as the neccessary key files, and maybe even the ssh key. This single, small, file could be manually backed up once. In the event of a disaster recovery, a user would be able to import this recovery file to bootstrap borgmatic, so it could contact the remote repos to restore backups.
Environment
borgmatic version: 1.5.1
borgmatic installation method: Ubuntu Focal package
Borg version: 1.1.11
Python version: 3.8.2
operating system and version: Ubuntu Focal (20.04)
Interesting idea! I wasn't even aware of this Borg feature. If it's expanded to include borgmatic config, the command should probably be called something more generic than
borgmatic key import
. Maybe something likeborgmatic bootstrap
.Anyway, if implementing this as a tarball as you suggest, it would probably play nicely with the standard Borg key export/import format. But maybe not so much with the
--paper
and--qr-html
formats. So I could see wrapping those but not including borgmatic config with them.I came across this because I'm also interested in running
borg key export
andborg key import
to back up and restore keyfiles.I'd be perfectly happy to run the
borg
commands directly, but it's tedious to convert all the options from the borgmatic YAML config into borg options. Maybe borgmatic could have a more genericborg
command that would just set all the various environment variables likeBORG_PASSPHRASE
,BORG_RSH
,BORG_BASE_DIR
, etc., and then callborg
with exactly the options you provide. So that you'd end up with a command like:Interesting idea! Thanks for the suggestion. A
borg
action could make a lot of sense, even for certain actions that borgmatic supports natively.FWIW I am a vorta user and kinda had a similar idea but focusing on paper export (b/c I find paper much more reliable for long-time storage). Here is a quick and dirty implementation using couple external programs: https://github.com/borgbase/vorta/discussions/986
We are using
borg 1.2.0
borgmatic 1.5.24
It is possible to run
borgmatic borg ....
commands in the version we are using, but we cannot get the key export to work. Is it possible to do with this version of borgmatic?We have tried different ways, among others:
Looks like
borgmatic borg key export
is covered by #515!Export is done and released in borgmatic 1.8.2:
borgmatic key export
. Key import is still to-do, so I'll leave this open.