Sākums Izpētīt Palīdzība
Pierakstīties
mirrors
/
borgmatic
spogulis no https://github.com/witten/borgmatic
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

Add documentation for the "!credential" tag (#966).

Dan Helfman 3 mēneši atpakaļ
vecāks
9a9a8fd1c6
revīzija
c5abcc1fdf
4 mainītis faili ar 63 papildinājumiem un 19 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 12 1
      README.md
  2. 51 18
      docs/how-to/provide-your-passwords.md
  3. BIN
      docs/static/pushover.png
  4. BIN
      docs/static/systemd.png

+ 12 - 1
README.md
Parādīt failu 

@@ -56,6 +56,8 @@ borgmatic is powered by [Borg Backup](https://www.borgbackup.org/).
 
 
 ## Integrations
 
 
+### Data
 
+
 
 <a href="https://www.postgresql.org/"><img src="docs/static/postgresql.png" alt="PostgreSQL" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://www.mysql.com/"><img src="docs/static/mysql.png" alt="MySQL" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://mariadb.com/"><img src="docs/static/mariadb.png" alt="MariaDB" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
@@ -65,6 +67,11 @@ borgmatic is powered by [Borg Backup](https://www.borgbackup.org/).
 
 <a href="https://btrfs.readthedocs.io/"><img src="docs/static/btrfs.png" alt="Btrfs" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://sourceware.org/lvm2/"><img src="docs/static/lvm.png" alt="LVM" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://rclone.org"><img src="docs/static/rclone.png" alt="rclone" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
+<a href="https://www.borgbase.com/?utm_source=borgmatic"><img src="docs/static/borgbase.png" alt="BorgBase" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
+
 
+
 
+### Monitoring
 
+
 
 <a href="https://healthchecks.io/"><img src="docs/static/healthchecks.png" alt="Healthchecks" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://uptime.kuma.pet/"><img src="docs/static/uptimekuma.png" alt="Uptime Kuma" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://cronitor.io/"><img src="docs/static/cronitor.png" alt="Cronitor" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
@@ -76,7 +83,11 @@ borgmatic is powered by [Borg Backup](https://www.borgbackup.org/).
 
 <a href="https://github.com/caronc/apprise/wiki"><img src="docs/static/apprise.png" alt="Apprise" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://www.zabbix.com/"><img src="docs/static/zabbix.png" alt="Zabbix" height="40px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 <a href="https://sentry.io/"><img src="docs/static/sentry.png" alt="Sentry" height="40px" style="margin-bottom:20px; margin-right:20px;"></a>
 
-<a href="https://www.borgbase.com/?utm_source=borgmatic"><img src="docs/static/borgbase.png" alt="BorgBase" height="60px" style="margin-bottom:20px; margin-right:20px;"></a>
 
+
 
+
 
+### Credentials
 
+
 
+<a href="https://systemd.io/"><img src="docs/static/systemd.png" alt="Sentry" height="40px" style="margin-bottom:20px; margin-right:20px;"></a>
 
 
 
 ## Getting started

+ 51 - 18
docs/how-to/provide-your-passwords.md
Parādīt failu 

@@ -50,52 +50,85 @@ once per borgmatic run.
 
 
 ### Using systemd service credentials
 
 
-Borgmatic supports using encrypted [credentials](https://systemd.io/CREDENTIALS/).
 
+borgmatic supports using encrypted [systemd
 
+credentials](https://systemd.io/CREDENTIALS/). To use this feature, start by
 
+saving your password as an encrypted credential to
 
+`/etc/credstore.encrypted/borgmatic.pw`, e.g.,
 
 
-Save your password as an encrypted credential to `/etc/credstore.encrypted/borgmatic.pw`, e.g.,
 
-
 
-```
 
-# systemd-ask-password -n | systemd-creds encrypt - /etc/credstore.encrypted/borgmatic.pw
 
+```bash
 
+systemd-ask-password -n | systemd-creds encrypt - /etc/credstore.encrypted/borgmatic.pw
 
 ```
 
 
-Then uncomment or use the following in your configuration file:
 
+Then use the following in your configuration file:
 
 
 ```yaml
 
-encryption_passcommand: "cat ${CREDENTIALS_DIRECTORY}/borgmatic.pw"
 
+encryption_passphrase: !credential systemd borgmatic.pw
 
 ```
 
 
+<span class="minilink minilink-addedin">Prior to version 1.9.10</span> You can
 
+accomplish the same thing with this configuration:
 
+
 
+```yaml
 
+encryption_passcommand: cat ${CREDENTIALS_DIRECTORY}/borgmatic.pw
 
+```
 
 Note that the name `borgmatic.pw` is hardcoded in the systemd service file.
 
 
-To use multiple different passwords, save them as encrypted credentials to `/etc/credstore.encrypted/borgmatic/`, e.g.,
 
+You can use the `!credential` tag for any option value in a borgmatic
 
+configuration file. So for example, use `!credential` to load systemd
 
+credentials for database or monitoring passwords:
 
 
+```yaml
 
+postgresql_databases:
 
+    - name: invoices
 
+      username: postgres
 
+      password: !credential systemd borgmatic_db1
 
 ```
 
-# mkdir /etc/credstore.encrypted/borgmatic
 
-# systemd-ask-password -n | systemd-creds encrypt --name=borgmatic_backupserver1 - /etc/credstore.encrypted/borgmatic/backupserver1
 
-# systemd-ask-password -n | systemd-creds encrypt --name=borgmatic_pw2 - /etc/credstore.encrypted/borgmatic/pw2
 
+
 
+But first you'll need to modify the borgmatic systemd service file to support
 
+loading multiple credentials (assuming you need to load more than one or
 
+anything not named `borgmatic.pw`).
 
+
 
+To do this, save each encrypted credentials to
 
+`/etc/credstore.encrypted/borgmatic/`. E.g.,
 
+
 
+```bash
 
+mkdir /etc/credstore.encrypted/borgmatic
 
+systemd-ask-password -n | systemd-creds encrypt --name=borgmatic_backupserver1 - /etc/credstore.encrypted/borgmatic/backupserver1
 
+systemd-ask-password -n | systemd-creds encrypt --name=borgmatic_pw2 - /etc/credstore.encrypted/borgmatic/pw2
 
 ...
 
 ```
 
 
-Ensure that the file names, (e.g. `backupserver1`) match the corresponding part of
 
-the `--name` option *after* the underscore (_), and that the part *before* 
+Ensure that the file names, (e.g. `backupserver1`) match the corresponding part
 
+of the `--name` option *after* the underscore (_), and that the part *before*
 
 the underscore matches the directory name (e.g. `borgmatic`).
 
 
 Then, uncomment the appropriate line in the systemd service file:
 
 
 ```
 
-# systemctl edit borgmatic.service
 
+systemctl edit borgmatic.service
 
 ...
 
 # Load multiple encrypted credentials.
 
 LoadCredentialEncrypted=borgmatic:/etc/credstore.encrypted/borgmatic/
 
 ```
 
 
-Finally, use the following in your configuration file:
 
+Finally, use something like the following in your borgmatic configuration file
 
+for each option value you'd like to load from systemd:
 
 
+```yaml
 
+encryption_passphrase: !credential systemd borgmatic_backupserver1
 
 ```
 
-encryption_passcommand: "cat ${CREDENTIALS_DIRECTORY}/borgmatic_backupserver1"
 
+
 
+<span class="minilink minilink-addedin">Prior to version 1.9.10</span> Use the
 
+following instead, but only for the `encryption_passcommand` option and
 
+not other options:
 
+
 
+```yaml
 
+encryption_passcommand: cat ${CREDENTIALS_DIRECTORY}/borgmatic_backupserver1
 
 ```
 
 
-Adjust `borgmatic_backupserver1` according to the name given to the credential 
-and the directory set in the service file.
 
+Adjust `borgmatic_backupserver1` according to the name of the credential and the
 
+directory set in the service file.
 
+
 
 
 ### Environment variable interpolation

BIN
docs/static/pushover.png
Parādīt failu


BIN
docs/static/systemd.png
Parādīt failu