Home Explore Help
Sign In
mirrors
/
borg
mirror of https://github.com/borgbackup/borg
2
0
Fork 0
Files Issues 0 Wiki
Tree: 1974824595
Branches Tags
borg
/
docs
/
usage
/
init.rst.inc

init.rst.inc 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. .. IMPORTANT: this file is auto-generated from borg's built-in help, do not edit!
    2. 

  2. 

  3. .. _borg_init:
    4. 

  4. 

  5. borg init
    6. 

  6. ---------
    7. 

  7. ::
    8. 

  8. 

  9.     borg init <options> REPOSITORY
    10. 

  10. 

  11. positional arguments
    12. 

  12.     REPOSITORY
    13. 

  13.         repository to create
    14. 

  14. 

  15. optional arguments
    16. 

  16.     ``-e``, ``--encryption``
    17. 

  17.         | select encryption key mode (default: "repokey")
    18. 

  18. 

  19. `Common options`_
    20. 

  20.     |
    21. 

  21. 

  22. Description
    23. 

  23. ~~~~~~~~~~~
    24. 

  24. 

  25. This command initializes an empty repository. A repository is a filesystem
    26. 

  26. directory containing the deduplicated data from zero or more archives.
    27. 

  27. 

  28. Encryption can be enabled at repository init time (the default).
    29. 

  29. 

  30. It is not recommended to disable encryption. Repository encryption protects you
    31. 

  31. e.g. against the case that an attacker has access to your backup repository.
    32. 

  32. 

  33. But be careful with the key / the passphrase:
    34. 

  34. 

  35. If you want "passphrase-only" security, use the repokey mode. The key will
    36. 

  36. be stored inside the repository (in its "config" file). In above mentioned
    37. 

  37. attack scenario, the attacker will have the key (but not the passphrase).
    38. 

  38. 

  39. If you want "passphrase and having-the-key" security, use the keyfile mode.
    40. 

  40. The key will be stored in your home directory (in .config/borg/keys). In
    41. 

  41. the attack scenario, the attacker who has just access to your repo won't have
    42. 

  42. the key (and also not the passphrase).
    43. 

  43. 

  44. Make a backup copy of the key file (keyfile mode) or repo config file
    45. 

  45. (repokey mode) and keep it at a safe place, so you still have the key in
    46. 

  46. case it gets corrupted or lost. Also keep the passphrase at a safe place.
    47. 

  47. The backup that is encrypted with that key won't help you with that, of course.
    48. 

  48. 

  49. Make sure you use a good passphrase. Not too short, not too simple. The real
    50. 

  50. encryption / decryption key is encrypted with / locked by your passphrase.
    51. 

  51. If an attacker gets your key, he can't unlock and use it without knowing the
    52. 

  52. passphrase.
    53. 

  53. 

  54. Be careful with special or non-ascii characters in your passphrase:
    55. 

  55. 

  56. - Borg processes the passphrase as unicode (and encodes it as utf-8),
    57. 

  57.   so it does not have problems dealing with even the strangest characters.
    58. 

  58. - BUT: that does not necessarily apply to your OS / VM / keyboard configuration.
    59. 

  59. 

  60. So better use a long passphrase made from simple ascii chars than one that
    61. 

  61. includes non-ascii stuff or characters that are hard/impossible to enter on
    62. 

  62. a different keyboard layout.
    63. 

  63. 

  64. You can change your passphrase for existing repos at any time, it won't affect
    65. 

  65. the encryption/decryption key or other secrets.
    66. 

  66. 

  67. When encrypting, AES-CTR-256 is used for encryption, and HMAC-SHA256 for
    68. 

  68. authentication. Hardware acceleration will be used automatically.
    69.