mirror of
https://github.com/borgbackup/borg.git
synced 2026-06-12 02:17:54 -04:00
5035710042
This feature allows multiple repositories to share deduplication-relevant secrets (id_key and chunk_seed) while maintaining secure, independent encryption keys. `borg key export-related-secrets <REPO> <SPATH>` to export the secrets to a JSON file. `borg init --import-related-secrets <SPATH> <REPO>` to initialize a new repository using the secrets from the JSON file. Both repositories must use the same chunk id algorithm (both HMAC-SHA256 or both BLAKE2b). If you create related repositories with borg 1.4.x, you can later transfer their archives to one or multiple related new borg2 repositories without breaking deduplication. But please note that we might remove BLAKE2b support for new borg2 repos, see #8867, so this might only work for HMAC-SHA256 in the end.
50 lines
1.6 KiB
ReStructuredText
50 lines
1.6 KiB
ReStructuredText
.. _borg-change-passphrase:
|
|
|
|
.. include:: key_change-passphrase.rst.inc
|
|
|
|
Examples
|
|
~~~~~~~~
|
|
::
|
|
|
|
# Create a key file protected repository
|
|
$ borg init --encryption=keyfile -v /path/to/repo
|
|
Initializing repository at "/path/to/repo"
|
|
Enter new passphrase:
|
|
Enter same passphrase again:
|
|
Remember your passphrase. Your data will be inaccessible without it.
|
|
Key in "/root/.config/borg/keys/mnt_backup" created.
|
|
Keep this key safe. Your data will be inaccessible without it.
|
|
Synchronizing chunks cache...
|
|
Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
|
|
Done.
|
|
|
|
# Change key file passphrase
|
|
$ borg key change-passphrase -v /path/to/repo
|
|
Enter passphrase for key /root/.config/borg/keys/mnt_backup:
|
|
Enter new passphrase:
|
|
Enter same passphrase again:
|
|
Remember your passphrase. Your data will be inaccessible without it.
|
|
Key updated
|
|
|
|
# Import a previously-exported key into the specified
|
|
# key file (creating or overwriting the output key)
|
|
# (keyfile repositories only)
|
|
$ BORG_KEY_FILE=/path/to/output-key borg key import /path/to/repo /path/to/exported
|
|
|
|
Fully automated using environment variables:
|
|
|
|
::
|
|
|
|
$ BORG_NEW_PASSPHRASE=old borg init -e=repokey repo
|
|
# now "old" is the current passphrase.
|
|
$ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
|
|
# now "new" is the current passphrase.
|
|
|
|
|
|
.. include:: key_export.rst.inc
|
|
|
|
.. include:: key_import.rst.inc
|
|
|
|
This command can be used to create a related repository:
|
|
|
|
.. include:: key_export-related-secrets.rst.inc
|