From 93e7da823caa9d7fd97d8253af9953547e1d9bf0 Mon Sep 17 00:00:00 2001 From: Dan Helfman Date: Mon, 17 Mar 2025 22:24:01 -0700 Subject: [PATCH] Add an encryption option to repositories (#303). --- NEWS | 4 ++++ borgmatic/actions/repo_create.py | 10 +++++++++- borgmatic/commands/arguments.py | 6 ++++-- borgmatic/config/schema.yaml | 8 ++++++++ 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 4a1357a22..06f595339 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ * #303: Add flags for setting any borgmatic configuration option from the command-line. See the documentation for more information: https://torsion.org/borgmatic/docs/how-to/make-per-application-backups/#configuration-overrides + * #303: Add configuration options that serve as defaults for some (but not all) borgmatic + action flags. For example, each entry in "repositories:" now has an "encryption" option that + applies to the "repo-create" action. See the documentation for more information: + https://torsion.org/borgmatic/docs/reference/configuration/ * #790, #821: Deprecate all "before_*", "after_*" and "on_error" command hooks in favor of more flexible "commands:". See the documentation for more information: https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/ diff --git a/borgmatic/actions/repo_create.py b/borgmatic/actions/repo_create.py index e6252e4ea..af7b793d9 100644 --- a/borgmatic/actions/repo_create.py +++ b/borgmatic/actions/repo_create.py @@ -24,13 +24,21 @@ def run_repo_create( return logger.info('Creating repository') + + encryption_mode = repo_create_arguments.encryption_mode or repository.get('encryption') + + if not encryption_mode: + raise ValueError( + 'With the repo-create action, either the --encryption flag or the repository encryption option is required.' + ) + borgmatic.borg.repo_create.create_repository( global_arguments.dry_run, repository['path'], config, local_borg_version, global_arguments, - repo_create_arguments.encryption_mode, + encryption_mode, repo_create_arguments.source_repository, repo_create_arguments.copy_crypt_key, repo_create_arguments.append_only, diff --git a/borgmatic/commands/arguments.py b/borgmatic/commands/arguments.py index dad5584d4..3f2da08b3 100644 --- a/borgmatic/commands/arguments.py +++ b/borgmatic/commands/arguments.py @@ -445,7 +445,10 @@ def make_parsers(schema, unparsed_arguments): config_paths = collect.get_default_config_paths(expand_home=True) unexpanded_config_paths = collect.get_default_config_paths(expand_home=False) - global_parser = ArgumentParser(add_help=False) + # allow_abbrev=False prevents the global parser from erroring about "ambiguous" options like + # --encryption. Such options are intended for an action parser rather than the global parser, + # and so we don't want to error on them here. + global_parser = ArgumentParser(allow_abbrev=False, add_help=False) global_group = global_parser.add_argument_group('global arguments') global_group.add_argument( @@ -569,7 +572,6 @@ def make_parsers(schema, unparsed_arguments): '--encryption', dest='encryption_mode', help='Borg repository encryption mode', - required=True, ) repo_create_group.add_argument( '--source-repository', diff --git a/borgmatic/config/schema.yaml b/borgmatic/config/schema.yaml index 7fe30daf7..e4901dc73 100644 --- a/borgmatic/config/schema.yaml +++ b/borgmatic/config/schema.yaml @@ -45,6 +45,14 @@ properties: and to make selecting the repository easier on the command-line. example: backupserver + encryption: + type: string + description: | + The encryption mode with which to create the repository, + only used for the repo-create action. To see the + available encryption modes, run "borg init --help" with + Borg 1 or "borg repo-create --help" with Borg 2. + example: repokey-blake2 description: | A required list of local or remote repositories with paths and optional labels (which can be used with the --repository flag to