I perform 4 automated backups per day. I used tarsnap-keymgmt to make a key with only rw access. My thinking:
* Access to the key (root on the server) implies access to the data on the server, so read is already granted. * Write since it's needed to make backups. In this case the only thing worse than getting root on the box (and reading the tarsnap key) would be deleting the data *and* all backups, which this specifically prevents. -Nick On Fri, Feb 14, 2014 at 10:43 AM, Joshua Kolash <[email protected]> wrote: > Curious Question for people who use tarsnap for automated backups. > > I assume most people just have the keyfile as unencrypted, as it doesn't > require any prompting. > > Does anyone keep the keyfile encrypted and have automated backups? > > I'm imagining the following server setup. > > Have a BackupBox with the encrypted keyfile and the backup contents. > > Have a PasswordBox with the password to the keyfile and have the PasswordBox > simply ssh into the BackupBox and enter the password into tarsnap on a > regular basis. The PasswordBox can then be sealed off except for > re-initializing the password and ssh schedule. In effect it is like having a > single purpose ssh-agent that lasts forever for narrowly defined tasks. > > Does anyone do anything like this? Or is this needless complexity for little > if any security gain? You still need to trust BackupBox to not be evil. > > As I want automated backups I think the only point to encrypting the keyfile > would be for the printed paper backup.
