From 578fbe087e2a18ed5c1ac73c4a6d9947b4a757ec Mon Sep 17 00:00:00 2001 From: rolandu <4238671+rolandu@users.noreply.github.com> Date: Sun, 30 Jan 2022 20:26:12 +0000 Subject: [PATCH] Clarification of keyfile backup Proposed clarification in response to my confusion in https://github.com/borgbackup/borg/issues/6204. --- docs/faq.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/faq.rst b/docs/faq.rst index 7995a587d4..f4712db15f 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -514,10 +514,12 @@ The Borg config directory has content that you should take care of: recovered. ``keys`` subdirectory - All your borg keyfile keys are stored in this directory. Please note that - borg repokey keys are stored inside the repository. You MUST make sure to have an - independent backup of these keyfiles, otherwise you cannot access your backups anymore if you lose - them. You also MUST keep these files secret; everyone who gains access to your repository and has + All your borg keyfile keys are stored in this directory. Please note that borg repokey keys are stored inside the repository. + + If you use keyfile encryption, you MUST make sure to have an independent backup of these keyfiles, otherwise you cannot access your backups anymore if you lose + them. If you use repokey encryption it is also highly recommended that you backup the keyfiles in case the originals (stored within the repository) get damaged. The best way to create a backup is using the ``borg key export`` command. + + You also MUST keep these files secret; everyone who gains access to your repository and has the corresponding keyfile (and the key passphrase) can extract it. Make sure that only you have access to the Borg config directory.