From 41bf520585ef76a0294e400078c75191fcf32b3e Mon Sep 17 00:00:00 2001 From: Dan Helfman Date: Wed, 25 Nov 2020 18:36:23 -0800 Subject: [PATCH] Document that passphrase is used for Borg keyfile encryption, not just repokey encryption (#373). --- NEWS | 1 + borgmatic/config/schema.yaml | 16 ++++++++-------- docs/how-to/set-up-backups.md | 4 ++-- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/NEWS b/NEWS index 7ea3a75..67b008b 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,5 @@ 1.5.13.dev0 + * #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption. * Drop support for Python 3.5, which has been end-of-lifed. * Update versions of test dependencies (test_requirements.txt and test containers). * Only support black code formatter on Python 3.8+. New black dependencies make installation diff --git a/borgmatic/config/schema.yaml b/borgmatic/config/schema.yaml index 35da6f3..724cf3f 100644 --- a/borgmatic/config/schema.yaml +++ b/borgmatic/config/schema.yaml @@ -185,19 +185,19 @@ map: desc: | The standard output of this command is used to unlock the encryption key. Only use on repositories that were - initialized with passcommand/repokey encryption. Note that - if both encryption_passcommand and encryption_passphrase are - set, then encryption_passphrase takes precedence. Defaults - to not set. + initialized with passcommand/repokey/keyfile encryption. Note + that if both encryption_passcommand and encryption_passphrase + are set, then encryption_passphrase takes precedence. + Defaults to not set. example: "secret-tool lookup borg-repository repo-name" encryption_passphrase: type: str desc: | Passphrase to unlock the encryption key with. Only use on - repositories that were initialized with passphrase/repokey - encryption. Quote the value if it contains punctuation, so - it parses correctly. And backslash any quote or backslash - literals as well. Defaults to not set. + repositories that were initialized with + passphrase/repokey/keyfile encryption. Quote the value if it + contains punctuation, so it parses correctly. And backslash + any quote or backslash literals as well. Defaults to not set. example: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~" checkpoint_interval: type: int diff --git a/docs/how-to/set-up-backups.md b/docs/how-to/set-up-backups.md index 6ced006..1cd5423 100644 --- a/docs/how-to/set-up-backups.md +++ b/docs/how-to/set-up-backups.md @@ -139,8 +139,8 @@ configuration](https://torsion.org/borgmatic/docs/how-to/upgrade/#upgrading-your ### Encryption -If you encrypt your Borg repository with a passphrase instead of a key file, -you'll either need to set the borgmatic `encryption_passphrase` configuration +If you encrypt your Borg repository with a passphrase or a key file, you'll +either need to set the borgmatic `encryption_passphrase` configuration variable or set the `BORG_PASSPHRASE` environment variable. See the [repository encryption section](https://borgbackup.readthedocs.io/en/stable/quickstart.html#repository-encryption)