Just my $0.02 I have saved copies of the tape key and all other keys and bareos config files in an encrypted vault like Vault, 1Password, Cyberark, so I’ll have all me keys replicated in another location but in an encrypted way.
I use as part of my catalog backup after script rclone the catalog volumes to a cloud bucket, in addition to local tape/disk copies on the server. I also modified so that the SQL file is a dump to disk and then backed up, and not deleted as part of the backup job. They may not be an option for really large catalogs, but points is I have the catalog in a SQL dump on disk, in cloud (encrypted one way) on disk volume (not encrypted except the disk volume with key in replicated key storage) , and tape volume. Main thing is have those keys so you can pull one of these catalog backups. Brock Palen [email protected] www.mlds-networks.com Websites, Linux, Hosting, Joomla, Consulting > On Jun 17, 2021, at 12:29 PM, 'Christian Svensson' via bareos-users > <[email protected]> wrote: > > Many thanks for sanity-checking my thoughts. > > On Thu, Jun 17, 2021 at 10:54 AM Philipp Storz <[email protected]> > wrote: >> In general, I think that disaster recovery and encryption are no good >> friends. > > True as that may be, storing data unencrypted is not an option for me :-). > It certainly makes it harder though, but I appreciate a good challenge. > >> In case of a real disaster, it is always good to be able to get things >> working again as simple as >> possible. >> >> Encryption makes things more complex and enlarges the probability that you >> are not able to recover >> in a reasonable time. > > Indeed, it's a cost. > That's also why I wanted to use bextract - to reduce complexity > getting a new Bareos setup up and running. The alternative of > bootstrapping a new using bscan etc. seems to be much more complex in > my eyes. > >> To be prepared for a disaster, it is advisable to document and test the >> procedure on a regular basis >> to be sure that the disaster recovery really works. > > No arguments from me there. > > Regards, > > -- > You received this message because you are subscribed to the Google Groups > "bareos-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/CADiuDAQGUyhbS5ruFmU%2B0fCYpBnwE43mRsSfxFjV26J59KB6-g%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/7B9C7DD1-D50B-426C-A905-0440A938C957%40mlds-networks.com.
