I’m in desparate need of setting up borgmatic for borg backup. I would like to encrypt my backups. (I suppose, an unencrypted backup is better than none in my case, so I should get it done today regardless.)

How do I save those keys? Is there a directory structure I follow? Do you backup the keys as well? Are there keys that I need to write down by hand? Should I use a cloud service like bitwarden secrets manager? Could I host something?

Im ignorant on this matter. The most I’ve done is add ssh keys to git forges and use ssh-copyid. But I’ve always been able to access what I need to without keeping those (I login to the web interface.) Can you share with me best practices or what you do to manage non-password secrets?

  • hendrik@palaver.p3x.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    5 months ago

    I add such stuff to my password manager. It supports files. But not all password managers do. I have a category for admin stuff where I also save passwords to servers, database credentials, service logins and the exported LUKS keys of the harddrives. I’d add backup keys there, too, but I currently keep them unencrypted on an encrypted harddisk.