I use tarsnapper as well, but only run it once per day so I can't speak to
a delta of "10h". I just use the number of days corresponding to the
duration. My deltas line is
deltas: 1d 7d 30d 90d 360d
Tweak as needed. Also my target includes the `name' variable:
target: <HOSTNAME>/$name-$date
On Fri, Aug 15, 2025 at 1:14 PM <[email protected]> wrote:
> Thanks Colin, I’ll reach out once it's done.
>
> I have ~2000 archives. I likely skipped pruning planning when setting up
> tarsnap-gui (haven’t reinstalled it on my reset Mac, so not sure if it even
> supported pruning). I don’t want to keep this many archives — and even
> re-encryption won’t be fast with so many, even if each archive is small.
>
> I saw '--fsck-prune' but it’s not what I thought.
>
> Is there a simple way to delete all except something like — hourly:10
> daily:7 weekly:6 monthly:12 yearly:5?
>
> I have 'tarsnap --list-archives | sort' saved (can add '-v' if needed),
> and since all archive names end in '%Y-%m-%d_%H-%M-%S', I can script
> something or use an LLM to pick which to keep.
>
> I found https://mail.tarsnap.com/tarsnap-users/msg01678.html and had seen
> the helper scripts section already. So Tarsnapper is available on homebrew
> luckily, because couldn’t make prunef ‘make install’ happen.
>
> But then Tarsnapper uses some retention scheme (i.e deltas) in such a way
> that I guess I can only use days. So it doesn't work:
>
> [tarsnapper’s config.yml]:
>
> jobs:
> prune:
> target: "{date}"
> dateformat: "%Y-%m-%d_%H-%M-%S"
> deltas: 10h 7d 6w 12m 5y
>
> [and then (I will remove dry-run after checking once)]:
> tarsnapper -c ~/.config/tarsnapper/config.yaml expire --dry-run
>
> results in:
>
> > tarsnapper.config.ConfigError: Not a valid delta: 12m
>
>
> PS. Any easy way to search across https://mail.tarsnap.com/tarsnap-users,
> other than opening every link one by one?
>
> > On 15 Aug 2025, at 3:07 AM, Colin Percival <
> [email protected]> wrote:
> >
> > On 8/14/25 11:04, [email protected] wrote:
> >> I *have to* change my tarsnap key (or rather, stop using the old key).
> >> I see this https://www.tarsnap.com/tips.html#copy-archive as well but
> I don’t really understand what it is and what it does - but I don’t see a
> key mentioned in the command so I guess not like “restic copy”.
> >
> > Right, that's for copying one archive, using the same keys and within the
> > same archival space.
> >
> >> This https://www.tarsnap.com/man-tarsnap-recrypt.1.html seems to be
> the only way, right?
> >
> > Yes. That creates a new archival space, copies everything across, and
> then
> > deletes the old copy.
> >
> >> Also, the original/existing key was not *passworded*, can I generate
> the new key as ‘--passphrased’ and then proceed with the recrypt? I am
> asking because I believe to re-encrypt, ‘tarsnap-keyregen’ has to be used
> and the key is derived from the old key.
> >
> > Correct. To be more precise, the chunking parameters are kept from the
> old
> > key but everything else is generated anew. (The chunking parameters
> need to
> > be kept so that new data will deduplicate against the copied data.)
> >> This also raised the question - does it render the old key useless
> after the re-encryption is done, or both keys have access now?
> >
> > Both keys will work but they'll access different archival spaces (and the
> > old keys will point to an archival space with no archives after recrypt
> > deletes everything using the old keys).
> >
> > If this is a "keys were stolen" scenario then let me know and I can
> disable
> > the old keys.
> >
> > --
> > Colin Percival
> > FreeBSD Release Engineering Lead & EC2 platform maintainer
> > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly
> paranoid
> >
>
>
>
