psw/borgmatic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Be more explicit in documentation that you don't have to use an environment variable for passphrases.

Browse source
This commit is contained in:
Dan Helfman 2023-10-10 09:34:55 -07:00
parent e07efdf68f
commit 09594c85bf
1 changed files with 18 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
docs/how-to/provide-your-passwords.md
View file

@ -9,9 +9,15 @@ eleventyNavigation:
If you want to use a Borg repository passphrase or database passwords with If you want to use a Borg repository passphrase or database passwords with
borgmatic, you can set them directly in your borgmatic configuration file, borgmatic, you can set them directly in your borgmatic configuration file,
treating those secrets like any other option value. But if you'd rather store treating those secrets like any other option value. For instance, you can
them outside of borgmatic, whether for convenience or security reasons, read specify your Borg passhprase with:
on.
```yaml
encryption_passphrase: yourpassphrase
```
But if you'd rather store them outside of borgmatic, whether for convenience
or security reasons, read on.
<span class="minilink minilink-addedin">New in version 1.6.4</span> borgmatic <span class="minilink minilink-addedin">New in version 1.6.4</span> borgmatic
supports interpolating arbitrary environment variables directly into option supports interpolating arbitrary environment variables directly into option
@ -20,14 +26,14 @@ pull your repository passphrase, your database passwords, or any other option
values from environment variables. For instance: values from environment variables. For instance:
```yaml ```yaml
encryption_passphrase: ${MY_PASSPHRASE} encryption_passphrase: ${YOUR_PASSPHRASE}
``` ```
<span class="minilink minilink-addedin">Prior to version 1.8.0</span> Put <span class="minilink minilink-addedin">Prior to version 1.8.0</span> Put
this option in the `storage:` section of your configuration. this option in the `storage:` section of your configuration.
This uses the `MY_PASSPHRASE` environment variable as your encryption This uses the `YOUR_PASSPHRASE` environment variable as your encryption
passphrase. Note that the `{` `}` brackets are required. `$MY_PASSPHRASE` by passphrase. Note that the `{` `}` brackets are required. `$YOUR_PASSPHRASE` by
itself will not work. itself will not work.
In the case of `encryption_passphrase` in particular, an alternate approach In the case of `encryption_passphrase` in particular, an alternate approach
@ -42,25 +48,26 @@ the same approach applies. For example:
```yaml ```yaml
postgresql_databases: postgresql_databases:
- name: users - name: users
password: ${MY_DATABASE_PASSWORD} password: ${YOUR_DATABASE_PASSWORD}
``` ```
<span class="minilink minilink-addedin">Prior to version 1.8.0</span> Put <span class="minilink minilink-addedin">Prior to version 1.8.0</span> Put
this option in the `hooks:` section of your configuration. this option in the `hooks:` section of your configuration.
This uses the `MY_DATABASE_PASSWORD` environment variable as your database This uses the `YOUR_DATABASE_PASSWORD` environment variable as your database
password. password.
### Interpolation defaults ### Interpolation defaults
If you'd like to set a default for your environment variables, you can do so with the following syntax: If you'd like to set a default for your environment variables, you can do so
with the following syntax:
```yaml ```yaml
encryption_passphrase: ${MY_PASSPHRASE:-defaultpass} encryption_passphrase: ${YOUR_PASSPHRASE:-defaultpass}
``` ```
Here, "`defaultpass`" is the default passphrase if the `MY_PASSPHRASE` Here, "`defaultpass`" is the default passphrase if the `YOUR_PASSPHRASE`
environment variable is not set. Without a default, if the environment environment variable is not set. Without a default, if the environment
variable doesn't exist, borgmatic will error. variable doesn't exist, borgmatic will error.