On Tue, Aug 8, 2017 at 10:44 AM, Daniel Beck <m...@beckweb.net> wrote:
> Backups that exclude the secrets/ directory don't compromise secrets even if 
> the backups are made accessible to unauthorized people.

To clarify, it is just `secrets/master.key` which should be excluded
from backups. The rest of the `secrets/` directory is (at least in
theory) unreadable without `master.key`, and in fact *should* be
backed up if you plan to be able to do anything after restore from
backup without recreating every secret in the system. It is convenient
to exclude `master.key` since, once created on initial startup, it
never changes and so can be kept on a sticky note in your bank vault.
Cf.

https://go.cloudbees.com/docs/cloudbees-documentation/cje-user-guide/index.html#backup-sect-configure

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr03Sj0fDPeMZfdMyZrespks_5hf4j5sEdvURaCA%3Dk-AFw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to