Document that passphrase is used for Borg keyfile encryption, not just repokey encryption (#373).

2020-11-25 18:36:23 -08:00 · 2020-11-25 18:36:23 -08:00 · 41bf520585
parent c0ae01f5d5
commit 41bf520585
3 changed files with 11 additions and 10 deletions
--- a/1
+++ b/1
@ -1,4 +1,5 @@
 1.5.13.dev0
+ * #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption.
 * Drop support for Python 3.5, which has been end-of-lifed.
 * Update versions of test dependencies (test_requirements.txt and test containers).
 * Only support black code formatter on Python 3.8+. New black dependencies make installation
--- a/borgmatic/config/schema.yaml
+++ b/borgmatic/config/schema.yaml
@ -185,19 +185,19 @@ map:
                desc: |
                    The standard output of this command is used to unlock the
                    encryption key. Only use on repositories that were
-                    initialized with passcommand/repokey encryption. Note that
-                    if both encryption_passcommand and encryption_passphrase are
-                    set, then encryption_passphrase takes precedence. Defaults
-                    to not set.
+                    initialized with passcommand/repokey/keyfile encryption. Note
+                    that if both encryption_passcommand and encryption_passphrase
+                    are set, then encryption_passphrase takes precedence.
+                    Defaults to not set.
                example: "secret-tool lookup borg-repository repo-name"
            encryption_passphrase:
                type: str
                desc: |
                    Passphrase to unlock the encryption key with. Only use on
-                    repositories that were initialized with passphrase/repokey
-                    encryption. Quote the value if it contains punctuation, so
-                    it parses correctly. And backslash any quote or backslash
-                    literals as well. Defaults to not set.
+                    repositories that were initialized with
+                    passphrase/repokey/keyfile encryption. Quote the value if it
+                    contains punctuation, so it parses correctly. And backslash
+                    any quote or backslash literals as well. Defaults to not set.
                example: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
            checkpoint_interval:
                type: int
--- a/docs/how-to/set-up-backups.md
+++ b/docs/how-to/set-up-backups.md
@ -139,8 +139,8 @@ configuration](https://torsion.org/borgmatic/docs/how-to/upgrade/#upgrading-your

 ### Encryption

-If you encrypt your Borg repository with a passphrase instead of a key file,
-you'll either need to set the borgmatic `encryption_passphrase` configuration
+If you encrypt your Borg repository with a passphrase or a key file, you'll
+either need to set the borgmatic `encryption_passphrase` configuration
 variable or set the `BORG_PASSPHRASE` environment variable. See the
 [repository encryption
 section](https://borgbackup.readthedocs.io/en/stable/quickstart.html#repository-encryption)