search

Ravinou / borgwarehouse

A fast and modern WebUI for a BorgBackup's central repository server.
https://borgwarehouse.com
GNU Affero General Public License v3.0
362 stars 21 forks source link

Server side prune #165

Closed lightonflux closed 6 months ago

lightonflux commented 7 months ago

I would really like a server side prune. Is within the scope of borgwarehouse? Especially with append-only this is quite important. And also for performance reasons.

lightonflux commented 7 months ago

Of course handling secrets is an issue, but for home users having unencrypted backups or storing the secrets on the server might be okay. For more security conscious setups borgwarehouse could communicate with a secrets provider. E.g. Vault or Bitwarden/Vaultwarden. Or just provide a field where admins can drop their own curl command, reducing the need for maintaining interfaces to external APIs.

Edit: Which would look something like this:

curl \
  --header "X-Vault-Token: <your_token_here>" \
  --request GET \
  http://your-vault-address:8200/v1/secret/data/your_secret_path
Ravinou commented 6 months ago

Hi! For the time being, BorgWarehouse will only work on the server side and will not integrate the client side. There are many BorgBackup clients that do the job very well. You can configure Vorta or Borgmatic to manage backup pruning. This also enables e2e encryption, ensuring that the password never leaves the client side.

It's important to me that BorgWarehouse concentrates on server-side functionality, as this is its real added value. In short, if a feature requires the backup encryption password, it's a client-side feature that won't be supported.