buttercup / buttercup-mobile

:iphone: React-Native mobile application for Buttercup
https://buttercup.pw
GNU General Public License v3.0

[question] Is it safe to expose bcup archives online? #224

Closed tcodes0 closed 4 years ago

tcodes0 commented 4 years ago

I have committed my bcup archive to a public repo I use to pull/push from, to keep my machines in sync. Given that the vault is encrypted, is it a dumb risk to do this or relatively safe?

I mean, I suppose I could do a git submodule with my sensitive stuff and put that in a private repo... thoughts?

perry-mitchell commented 4 years ago

@Thomazella for the record: it's definitely not a good idea to expose the vault publicly. Due care should be taken to ensure that the vault is not ever located somewhere that might eventually become visible to a 3rd party.

Your vault is strongly encrypted, and it'd take a skilled person, with decent crypto knowledge, and a lot of computing power, a good long time to have any remote chance at cracking it. That being said, if they have your vault, they can take their time and subject it to a good amount of brute-force decryption attempts. This is not something I'd ever want to risk - if they're patient enough, they'll eventually get in.

Git repos are tricky as they store history. It'd be one thing to delete it and forget about the git revisions where your vault still exists. I'd recommend against using Git for storing a vault with personal account information inside it.

That being said, I do commit a bcup file to git for certain services that use the vault for authentication during runtime.
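The point about git history above is easy to check for yourself before a repo is ever made public. The script below is an added example and not part of Buttercup or of this thread: it audits every commit reachable from any ref for paths ending in `.bcup` (so a vault that was committed and later deleted still shows up), and includes a helper that can be dropped into a `pre-commit` hook to refuse staging a vault in the first place. The demo repository it builds, the file names and the `demo@example.invalid` identity are all constructed for the example.

```shell
#!/bin/sh
# Added example (not Buttercup project code): audit a git repository's full
# history for Buttercup vault files, and refuse to commit new ones.

# Print every path ending in .bcup that appears in ANY commit on ANY ref,
# including files that were deleted in a later commit. Deleting a vault from
# the working tree does not remove it from history, which is the risk here.
audit_vault_history() {
    git -C "$1" log --all --name-only --format='' 2>/dev/null \
        | grep -E '\.bcup$' \
        | sort -u
}

# Exit status 0 when no vault file has ever been committed, 1 otherwise.
vault_history_is_clean() {
    [ -z "$(audit_vault_history "$1")" ]
}

# Hook-style guard: fail if the index currently stages a .bcup file.
# Copy the body into .git/hooks/pre-commit (with "$1" replaced by ".") to
# block the commit before the vault ever enters history.
refuse_staged_vault() {
    staged=$(git -C "$1" diff --cached --name-only | grep -E '\.bcup$' || true)
    if [ -n "$staged" ]; then
        echo "refusing to commit vault file(s): $staged" >&2
        return 1
    fi
    return 0
}

# Build a throwaway repository (constructed demo data) that commits a vault
# and then deletes it, reproducing the "deleted but still in history" case.
make_demo_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    printf 'constructed placeholder, not a real vault\n' > "$dir/passwords.bcup"
    printf 'sync notes\n' > "$dir/README.md"
    git -C "$dir" add .
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "sync vault"
    git -C "$dir" rm -q passwords.bcup
    git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "remove vault"
    printf '%s\n' "$dir"
}

# Stand-alone usage: build the demo repo and report what the audit finds.
if [ "${1:-}" = "--demo" ]; then
    repo=$(make_demo_repo)
    echo "working tree has no vault: $(test -e "$repo/passwords.bcup" || echo yes)"
    echo "vault paths still present in history:"
    audit_vault_history "$repo"
fi
```

Run it with `sh audit_vault.sh --demo` to see that `passwords.bcup` is reported even though the working tree no longer contains it; the only reliable fix for an already-published history is to rotate the credentials inside the vault rather than to rewrite the repo.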

perry-mitchell commented 4 years ago

My recommendation: Use a cloud hosting service - even Dropbox or Google. They're fine and are infinitely safer than a public git repo :).

Closing this as I believe the question to be answered.