On 2020-05-19 23:56, Chris Hoogendyk wrote:
> I've seen discussions of amcrypt and pgp (I confess I haven't followed
> them closely), but is it possible to configure amanda to handle keys for
> the native LTO drive encryption?
It isn't really "configure amanda" in the following use case, but maybe it
helps anyways.
As oftentimes, a wrapper script is used. Amanda does daily backup to
holding disk only, and this script is run to flush it to tape if there is
enough to somewhat fill it.
-----8<----- cut here -----8<-----
#!/bin/bash
# Flush amanda holding disk to tape if there is enough to fill a tape
used=$(df --output=used /backup/amanda/ | tail -n 1)
if [ $used -gt 2000000000 ]; then
# turn on encryption of the tape
# note that we need key index "1" or we will get "IllegalRequest"
# --ckod instructs the tape to remove the key when tape is unmounted
/usr/local/bin/stenc -f /dev/nst0 -e on --protect -k
/etc/amanda/DailySet/tape.key -a 1 --ckod
su - backup -c "amflush DailySet -b -f && mt -f /dev/nst0 eject"
fi
-----8<----- cut here -----8<-----
Yours, Uwe
