borgbackup / borg

Deduplicating archiver with compression and authenticated encryption.
https://www.borgbackup.org/

Feature request: restricted keys (append only key, delete only key, etc) #4125

Open infokiller opened 5 years ago

infokiller commented 5 years ago

Have you checked borgbackup docs, FAQ, and open Github issues?

Yes

Is this a BUG / ISSUE report or a QUESTION?

This is a feature from Tarsnap that I'd like to have. See the short security overview for the basic description, but the idea is to be able to support multiple keys in a repository, where each key can be granted individual permissions. For example, this makes it possible to define two keys:

  1. Append-only key: can be used only for adding new archives to the repository
  2. Delete-only key: can be used only for deleting archives

This improves the security of the overall backup setup by implementing the principle of least privilege.

motwok commented 5 years ago

The crypto is used to protect the "privacy" of the backup data.

There is already a way to do an "append-only" protection: borg serve --append-only works with ssh access (needs some configuration on the server side)

Emmo
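The server-side piece that the append-only setup above relies on, as an added example that is not from this thread or from the borg project: one OpenSSH authorized_keys entry that pins a single client key to `borg serve --append-only --restrict-to-repository`, so that key can add archives but cannot actually remove data. The repository path and key material are constructed placeholders.

```shell
#!/bin/sh
# Added example, not borg project code: build and sanity-check the
# authorized_keys line for an append-only, single-repository borg client.

# Emit one authorized_keys line: a forced command plus OpenSSH's "restrict"
# option (no pty, no port/agent/X11 forwarding).
#   $1 = absolute repository path on the server
#   $2 = the client's public key, one line as found in its .pub file
borg_appendonly_authkey() {
    repo="$1"
    pubkey="$2"
    printf 'command="borg serve --append-only --restrict-to-repository %s",restrict %s\n' \
        "$repo" "$pubkey"
}

# Check that a line still carries every restriction we expect, e.g. before
# appending it to ~borg/.ssh/authorized_keys. Returns 0 if so, 1 otherwise.
check_authkey_line() {
    line="$1"
    case "$line" in
        *'--append-only'*'--restrict-to-repository'*',restrict '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input (placeholder key material, not a real key).
SAMPLE_REPO="/srv/borg/laptop"
SAMPLE_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIAL client@laptop"

LINE="$(borg_appendonly_authkey "$SAMPLE_REPO" "$SAMPLE_PUBKEY")"
check_authkey_line "$LINE" && printf '%s\n' "$LINE"
```

Note that with this entry a delete or prune issued by the client is not applied to the stored data; undoing it is a server-side operation on the repository's transaction log by the repository owner.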

infokiller commented 5 years ago

@motwok thanks, append-only protection is indeed close to what I'm proposing, but we can still benefit from more fine-grained access control. For example, there could be a key that has authorization for appending one backup a day, but that's it. The key can't be used to delete archives or even read them. Similarly, there could be a key just for restricted pruning (so that an attacker who gains access to the key won't be able to do aggressive pruning to delete data).

ThomasWaldmann commented 5 years ago

iirc we already have some issue about this on this issue tracker.

motwok commented 5 years ago

@infokiller I agree some kind of access control would be neat.

Besides the effort needed to support session keys (some asymmetric key crypto is needed), I can imagine a secure scenario for management (delete, prune, list), data access (decrypting content) and appending by using a separate key for access to metadata, content data and appending. (just a pre-alpha-thought[TM])