Closed lightonflux closed 6 months ago
Of course handling secrets is an issue, but for home users having unencrypted backups or storing the secrets on the server might be okay. For more security conscious setups borgwarehouse could communicate with a secrets provider. E.g. Vault or Bitwarden/Vaultwarden. Or just provide a field where admins can drop their own curl command, reducing the need for maintaining interfaces to external APIs.
Edit: Which would look something like this:
curl \
--header "X-Vault-Token: <your_token_here>" \
--request GET \
http://your-vault-address:8200/v1/secret/data/your_secret_path
Hi! For the time being, BorgWarehouse will only work on the server side and will not integrate the client side. There are many BorgBackup clients that do the job very well. You can configure Vorta or Borgmatic to manage backup pruning. This also enables e2e encryption, ensuring that the password never leaves the client side.
It's important to me that BorgWarehouse concentrates on server-side functionality, as this is its real added value. In short, if a feature requires the backup encryption password, it's a client-side feature that won't be supported.
I would really like a server side prune. Is within the scope of borgwarehouse? Especially with append-only this is quite important. And also for performance reasons.