On Tue, Aug 8, 2017 at 10:44 AM, Daniel Beck <[email protected]> wrote: > Backups that exclude the secrets/ directory don't compromise secrets even if > the backups are made accessible to unauthorized people.
To clarify, it is just `secrets/master.key` which should be excluded from backups. The rest of the `secrets/` directory is (at least in theory) unreadable without `master.key`, and in fact *should* be backed up if you plan to be able to do anything after restore from backup without recreating every secret in the system. It is convenient to exclude `master.key` since, once created on initial startup, it never changes and so can be kept on a sticky note in your bank vault. Cf. https://go.cloudbees.com/docs/cloudbees-documentation/cje-user-guide/index.html#backup-sect-configure -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr03Sj0fDPeMZfdMyZrespks_5hf4j5sEdvURaCA%3Dk-AFw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
