On Tue, Aug 25, 2020 at 10:57:44AM -0700, Simon Willison wrote: > I’d like the server that I backup using Tarsnap to only host the encryption > key needed to create the encrypted backup. I don’t want it to have the > decryption key used when running "tarsnap -x -f” to restore a backup.
As James said, the utility is tarsnap-keymgmt(1). In the docs, we call this schenario a "write-only key": https://www.tarsnap.com/tips.html#write-only-keys I'll take a look at adding the phrase "encryption key", and/or some other way of making that info easier to find. Cheers, - Graham
