Repo Key export / import #345

Open
opened 2020-07-29 00:52:31 +00:00 by CCDKP · 7 comments

What I'm trying to do and why

Export remote repo keys to facilitate disaster recovery. Import remote repo keys in the event of a recovery operation.

It would be nice to run one command and have it export (or import) the keys for all configured repos.

See borg documentation for `borg key export` and `borg key import`

Other notes / implementation ideas

It would be nice to just get a single file (tar? gpg encrypted tar?) out that contains the borgmatic config, as well as the necessary key files, and maybe even the ssh key. This single, small file could be manually backed up once. In the event of a disaster recovery, a user would be able to import this recovery file to bootstrap borgmatic, so it could contact the remote repos to restore backups.

Environment

borgmatic version: 1.5.1

borgmatic installation method: Ubuntu Focal package

Borg version: 1.1.11

Python version: 3.8.2

operating system and version: Ubuntu Focal (20.04)

Owner

Interesting idea! I wasn't even aware of this Borg feature. If it's expanded to include borgmatic config, the command should probably be called something more generic than `borgmatic key import`. Maybe something like `borgmatic bootstrap`.

Anyway, if implementing this as a tarball as you suggest, it would probably play nicely with the standard Borg key export/import format. But maybe not so much with the `--paper` and `--qr-html` formats. So I could see wrapping those but not including borgmatic config with them.

Contributor

I came across this because I'm also interested in running `borg key export` and `borg key import` to back up and restore keyfiles.

I'd be perfectly happy to run the `borg` commands directly, but it's tedious to convert all the options from the borgmatic YAML config into borg options. Maybe borgmatic could have a more generic `borg` command that would just set all the various environment variables like `BORG_PASSPHRASE`, `BORG_RSH`, `BORG_BASE_DIR`, etc., and then call `borg` with exactly the options you provide. So that you'd end up with a command like:

```
borgmatic borg key export --paper /path/to/repo
```
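As an added example (not part of the thread and not borgmatic's own code), the following Python maps a parsed borgmatic config to the Borg environment variables named in the comment above and builds one `borg key export` command per configured repository. The `location`/`storage` layout follows borgmatic 1.5.x-style configs; the sample config, the output file naming and the function names are assumptions made for illustration.

```python
import os
import re
import subprocess

OPTION_TO_ENV = {  # storage option -> Borg environment variable
    "encryption_passphrase": "BORG_PASSPHRASE",
    "ssh_command": "BORG_RSH",
    "borg_base_directory": "BORG_BASE_DIR",
}

# Constructed sample, shaped like a parsed borgmatic config (assumption).
SAMPLE_CONFIG = {
    "location": {"repositories": ["user@backup.example.org:repo.borg",
                                  {"path": "/mnt/backup/local.borg"}]},
    "storage": {"encryption_passphrase": "constructed-passphrase", "ssh_command": "ssh -p 2222"},
}

def repository_paths(config):
    """Accept plain strings or {'path': ...} repository entries."""
    repos = config.get("location", {}).get("repositories", [])
    return [r["path"] if isinstance(r, dict) else r for r in repos]

def build_environment(config, base_env=None):
    """Copy the environment and add secrets there, never on the command line."""
    env = dict(os.environ if base_env is None else base_env)
    storage = config.get("storage", {})
    for option, variable in OPTION_TO_ENV.items():
        if storage.get(option):
            env[variable] = str(storage[option])
    return env

def key_export_commands(config, out_dir, paper=False):
    """One `borg key export` argv per repository, each with its own output file."""
    commands = []
    for repo in repository_paths(config):
        name = re.sub(r"[^A-Za-z0-9._-]+", "_", repo).strip("_") + ".key"
        argv = ["borg", "key", "export"] + (["--paper"] if paper else [])
        commands.append(argv + [repo, os.path.join(out_dir, name)])
    return commands

def export_all(config, out_dir):
    """Run the exports; the directory and the key files are owner-only."""
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    old_umask = os.umask(0o077)  # files borg creates get mode 0600
    try:
        for argv in key_export_commands(config, out_dir):
            subprocess.run(argv, env=build_environment(config), check=True)
    finally:
        os.umask(old_umask)
```

The exported files are as sensitive as the keys themselves, so the output directory belongs on encrypted or offline storage rather than next to the repositories it unlocks.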
Owner

Interesting idea! Thanks for the suggestion. A `borg` action could make a lot of sense, even for certain actions that borgmatic supports natively.


FWIW I am a [vorta](https://github.com/borgbase/vorta/) user and kinda had a similar idea but focusing on paper export (b/c I find paper much more reliable for long-time storage). Here is a quick and dirty implementation using a couple of external programs: https://github.com/borgbase/vorta/discussions/986


We are using
borg 1.2.0
borgmatic 1.5.24

It is possible to run `borgmatic borg ....` commands in the version we are using, but we cannot get the key export to work. Is it possible to do with this version of borgmatic?

We have tried different ways, among others:

```
borgmatic borg key export
borgmatic borg key export --paper
borgmatic borg key export --paper <path to repo>
borgmatic borg key export --paper key.txt
borgmatic borg key export --paper <path to repo> key.txt

borgmatic borg 'key export'
```

Owner

Looks like `borgmatic borg key export` is covered by #515!

witten added the good first issue label 2023-02-04 21:27:36 +00:00
witten added this to the bootstrap from nothing milestone 2023-03-29 18:47:49 +00:00
witten added the new feature area label 2023-06-28 18:49:33 +00:00
Owner

Export is done and released in borgmatic 1.8.2: `borgmatic key export`. Key import is still to-do, so I'll leave this open.

Reference: borgmatic-collective/borgmatic#345