I’m in desparate need of setting up borgmatic for borg backup. I would like to encrypt my backups. (I suppose, an unencrypted backup is better than none in my case, so I should get it done today regardless.)

How do I save those keys? Is there a directory structure I follow? Do you backup the keys as well? Are there keys that I need to write down by hand? Should I use a cloud service like bitwarden secrets manager? Could I host something?

Im ignorant on this matter. The most I’ve done is add ssh keys to git forges and use ssh-copyid. But I’ve always been able to access what I need to without keeping those (I login to the web interface.) Can you share with me best practices or what you do to manage non-password secrets?

  • @fullstackhipster
    link
    English
    35 months ago

    Good catch… and that’s why I keep up-to-date encrypted offline backups in two locations (home and office) always. That should be enough really, but I’ve been thinking about swapping one of those drives with a third backup at one of my relatives’ house from time to time, just to make irrecoverable failure even less likely.

    • @Dave@lemmy.nz
      link
      fedilink
      English
      15 months ago

      So you keep an encrypted backup at work with the decryption key at home, and an encrypted backup at home with the decryption key at work?

      • @fullstackhipster
        link
        English
        25 months ago

        No, that would clearly defeat the purpose of redundant backups. I remember the passphrases for my backups.