#345 Repo Key export / import

Open
opened 2 months ago by CCDKP · 3 comments
CCDKP commented 2 months ago

What I’m trying to do and why

Export remote repo keys to facilitate disaster recovery. Import remote repo keys in the event of a recovery operation.

It would be nice to run one command and have it export (or import) the keys for all configured repos.

See borg documentation for borg key export and borg key import

Other notes / implementation ideas

It would be nice to just get a single file (tar? gpg encrypted tar?) out that contains the borgmatic config, as well as the neccessary key files, and maybe even the ssh key. This single, small, file could be manually backed up once. In the event of a disaster recovery, a user would be able to import this recovery file to bootstrap borgmatic, so it could contact the remote repos to restore backups.

Environment

borgmatic version: 1.5.1

borgmatic installation method: Ubuntu Focal package

Borg version: 1.1.11

Python version: 3.8.2

operating system and version: Ubuntu Focal (20.04)

#### What I'm trying to do and why Export remote repo keys to facilitate disaster recovery. Import remote repo keys in the event of a recovery operation. It would be nice to run one command and have it export (or import) the keys for all configured repos. See borg documentation for `borg key export` and `borg key import` #### Other notes / implementation ideas It would be nice to just get a single file (tar? gpg encrypted tar?) out that contains the borgmatic config, as well as the neccessary key files, and maybe even the ssh key. This single, small, file could be manually backed up once. In the event of a disaster recovery, a user would be able to import this recovery file to bootstrap borgmatic, so it could contact the remote repos to restore backups. #### Environment **borgmatic version:** 1.5.1 **borgmatic installation method:** Ubuntu Focal package **Borg version:** 1.1.11 **Python version:** 3.8.2 **operating system and version:** Ubuntu Focal (20.04)
witten commented 2 months ago
Owner

Interesting idea! I wasn’t even aware of this Borg feature. If it’s expanded to include borgmatic config, the command should probably be called something more generic than borgmatic key import. Maybe something like borgmatic bootstrap.

Anyway, if implementing this as a tarball as you suggest, it would probably play nicely with the standard Borg key export/import format. But maybe not so much with the --paper and --qr-html formats. So I could see wrapping those but not including borgmatic config with them.

Interesting idea! I wasn't even aware of this Borg feature. If it's expanded to include borgmatic config, the command should probably be called something more generic than `borgmatic key import`. Maybe something like `borgmatic bootstrap`. Anyway, if implementing this as a tarball as you suggest, it would probably play nicely with the standard Borg key export/import format. But maybe not so much with the `--paper` and `--qr-html` formats. So I could see wrapping those but not including borgmatic config with them.
satwell commented 4 days ago

I came across this because I’m also interested in running borg key export and borg key import to back up and restore keyfiles.

I’d be perfectly happy to run the borg commands directly, but it’s tedious to convert all the options from the borgmatic YAML config into borg options. Maybe borgmatic could have a more generic borg command that would just set all the various environment variables like BORG_PASSPHRASE, BORG_RSH, BORG_BASE_DIR, etc., and then call borg with exactly the options you provide. So that you’d end up with a command like:

borgmatic borg key export --paper /path/to/repo
I came across this because I'm also interested in running `borg key export` and `borg key import` to back up and restore keyfiles. I'd be perfectly happy to run the `borg` commands directly, but it's tedious to convert all the options from the borgmatic YAML config into borg options. Maybe borgmatic could have a more generic `borg` command that would just set all the various environment variables like `BORG_PASSPHRASE`, `BORG_RSH`, `BORG_BASE_DIR`, etc., and then call `borg` with exactly the options you provide. So that you'd end up with a command like: ``` borgmatic borg key export --paper /path/to/repo ```
witten commented 3 days ago
Owner

Interesting idea! Thanks for the suggestion. A borg action could make a lot of sense, even for certain actions that borgmatic supports natively.

Interesting idea! Thanks for the suggestion. A `borg` action could make a lot of sense, even for certain actions that borgmatic supports natively.
Sign in to join this conversation.
No Milestone
No Assignees
3 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.