I’m in desparate need of setting up borgmatic for borg backup. I would like to encrypt my backups. (I suppose, an unencrypted backup is better than none in my case, so I should get it done today regardless.)

How do I save those keys? Is there a directory structure I follow? Do you backup the keys as well? Are there keys that I need to write down by hand? Should I use a cloud service like bitwarden secrets manager? Could I host something?

Im ignorant on this matter. The most I’ve done is add ssh keys to git forges and use ssh-copyid. But I’ve always been able to access what I need to without keeping those (I login to the web interface.) Can you share with me best practices or what you do to manage non-password secrets?

  • fullstackhipster@awful.systems
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 months ago

    Good catch… and that’s why I keep up-to-date encrypted offline backups in two locations (home and office) always. That should be enough really, but I’ve been thinking about swapping one of those drives with a third backup at one of my relatives’ house from time to time, just to make irrecoverable failure even less likely.

    • Dave@lemmy.nz
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      So you keep an encrypted backup at work with the decryption key at home, and an encrypted backup at home with the decryption key at work?