Add encryption_passcommand
configuration option
This commit is contained in:
parent
ef76e87477
commit
e55e9e8139
4 changed files with 30 additions and 0 deletions
|
@ -57,6 +57,12 @@ environment variable. See the [repository encryption
|
||||||
section](https://borgbackup.readthedocs.io/en/latest/quickstart.html#repository-encryption)
|
section](https://borgbackup.readthedocs.io/en/latest/quickstart.html#repository-encryption)
|
||||||
of the Quick Start for more info.
|
of the Quick Start for more info.
|
||||||
|
|
||||||
|
Alternatively, the passphrase can be specified programatically by setting
|
||||||
|
either the borgmatic `encryption_passcommand` configuration variable or the
|
||||||
|
`BORG_PASSCOMMAND` environment variable. See the [Borg Security
|
||||||
|
FAQ](http://borgbackup.readthedocs.io/en/stable/faq.html#how-can-i-specify-the-encryption-passphrase-programmatically)
|
||||||
|
for more info.
|
||||||
|
|
||||||
If the repository is on a remote host, make sure that your local root user has
|
If the repository is on a remote host, make sure that your local root user has
|
||||||
key-based ssh access to the desired user account on the remote host.
|
key-based ssh access to the desired user account on the remote host.
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,10 @@ logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def initialize_environment(storage_config):
|
def initialize_environment(storage_config):
|
||||||
|
passcommand = storage_config.get('encryption_passcommand')
|
||||||
|
if passcommand:
|
||||||
|
os.environ['BORG_PASSCOMMAND'] = passcommand
|
||||||
|
|
||||||
passphrase = storage_config.get('encryption_passphrase')
|
passphrase = storage_config.get('encryption_passphrase')
|
||||||
if passphrase:
|
if passphrase:
|
||||||
os.environ['BORG_PASSPHRASE'] = passphrase
|
os.environ['BORG_PASSPHRASE'] = passphrase
|
||||||
|
|
|
@ -103,6 +103,14 @@ map:
|
||||||
https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
|
https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
|
||||||
details.
|
details.
|
||||||
map:
|
map:
|
||||||
|
encryption_passcommand:
|
||||||
|
type: scalar
|
||||||
|
desc: |
|
||||||
|
The standard output of this command is used to unlock the encryption key. Only
|
||||||
|
use on repositories that were initialized with passcommand/repokey encryption.
|
||||||
|
Note that if both encryption_passcommand and encryption_passphrase are set,
|
||||||
|
then encryption_passphrase takes precedence.
|
||||||
|
example: "secret-tool lookup borg-repository repo-name"
|
||||||
encryption_passphrase:
|
encryption_passphrase:
|
||||||
type: scalar
|
type: scalar
|
||||||
desc: |
|
desc: |
|
||||||
|
|
|
@ -6,6 +6,17 @@ from borgmatic.borg import create as module
|
||||||
from borgmatic.verbosity import VERBOSITY_SOME, VERBOSITY_LOTS
|
from borgmatic.verbosity import VERBOSITY_SOME, VERBOSITY_LOTS
|
||||||
|
|
||||||
|
|
||||||
|
def test_initialize_environment_with_passcommand_should_set_environment():
|
||||||
|
orig_environ = os.environ
|
||||||
|
|
||||||
|
try:
|
||||||
|
os.environ = {}
|
||||||
|
module.initialize_environment({'encryption_passcommand': 'command'})
|
||||||
|
assert os.environ.get('BORG_PASSCOMMAND') == 'command'
|
||||||
|
finally:
|
||||||
|
os.environ = orig_environ
|
||||||
|
|
||||||
|
|
||||||
def test_initialize_environment_with_passphrase_should_set_environment():
|
def test_initialize_environment_with_passphrase_should_set_environment():
|
||||||
orig_environ = os.environ
|
orig_environ = os.environ
|
||||||
|
|
||||||
|
@ -34,6 +45,7 @@ def test_initialize_environment_without_configuration_should_not_set_environment
|
||||||
try:
|
try:
|
||||||
os.environ = {}
|
os.environ = {}
|
||||||
module.initialize_environment({})
|
module.initialize_environment({})
|
||||||
|
assert os.environ.get('BORG_PASSCOMMAND') == None
|
||||||
assert os.environ.get('BORG_PASSPHRASE') == None
|
assert os.environ.get('BORG_PASSPHRASE') == None
|
||||||
assert os.environ.get('BORG_RSH') == None
|
assert os.environ.get('BORG_RSH') == None
|
||||||
finally:
|
finally:
|
||||||
|
|
Loading…
Reference in a new issue