Open bereska opened 3 years ago
Generally what I do for my backups, which I should really automate, is just tar gzip the bw_data
folder and send it to some form of cold-storage. Personally, I don't even go as far as stopping bitwarden when I am doing this because I rarely add new data to the system, only upon registration or password updates, so the reads are the heavy lifting here.
I would ABSOLUTELY encrypt the tar file even though the data stored by sqlite is already encrypted. It's better to have 2 great locks than just 1 in my opinion. Obviously, use a different password than your master password, but this seems like a good idea to me.
If you wanted to add a makefile
in a PR to do the tar file creation, I'd be happy to review and add it to the project! The actual storage or encryption options should be left to the user IMO.
Personally, I will likely be looking at storing my backups in a versioned S3 bucket on AWS. I may even opt for glacier storage as I don't intend to read the data often, only in a disaster recovery scenario and I can live for 12-24 hours without my passwords being accessible.
hi Ben, thanks for your response. I've made a lot of changes to your original setup while waiting for your reply including enabling admin web console, invite-only registration with e-mail verification and hourly backup of bw_data to a remote. Please bear with me a while to come up with a PR for all the proposed changes in one run)
would rclone be a simple and reliable backup option for this setup? I take it the whole bw_data folder needs to be backed up including rsa keys? Would you sync it as is or tar gzip first? I guess the container must be stopped for sync to work properly, right? I am also thinking of adding an extra layer of security by encrypting the tar.gz backup file with gpg before sending it to clouds like dropbox, onedrive, etc. pls let know your thoughts thank you