mirror of https://github.com/borgbackup/borg.git
soften environment security warning to a note, and cross-ref to avoid dupe
parent
c7c02ef725
commit
de9e9d14b7
13
docs/faq.rst
13
docs/faq.rst
|
@ -81,10 +81,15 @@ automated encrypted backups. Another option is to use
|
||||||
key file based encryption with a blank passphrase. See
|
key file based encryption with a blank passphrase. See
|
||||||
:ref:`encrypted_repos` for more details.
|
:ref:`encrypted_repos` for more details.
|
||||||
|
|
||||||
.. caution:: When passing the passphrase through the environment, the
|
.. _password_env:
|
||||||
passphrase can be read by any user on the same system, so
|
.. note:: Be careful how you set the environment; using the ``env``
|
||||||
the use of this technique is strongly discouraged on
|
command, a ``system()`` call or using inline shell scripts
|
||||||
multi-user systems.
|
might expose the credentials in the process list directly
|
||||||
|
and they will be readable to all users on a system. Using
|
||||||
|
``export`` in a shell script file should be safe, however, as
|
||||||
|
the environment of a process is `accessible only to that
|
||||||
|
user
|
||||||
|
<http://security.stackexchange.com/questions/14000/environment-variable-accessibility-in-linux/14009#14009>`_.
|
||||||
|
|
||||||
When backing up to remote encrypted repos, is encryption done locally?
|
When backing up to remote encrypted repos, is encryption done locally?
|
||||||
----------------------------------------------------------------------
|
----------------------------------------------------------------------
|
||||||
|
|
|
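Review bot: the added note's statement that ``export`` in a shell script file "should be safe" addresses only the process environment and says nothing about the script file itself, which then holds the passphrase in clear text. Suggest adding a sentence that the file must be readable only by the user running the backup. Two smaller points in the same note: "readable to all users on a system" reads better as "readable by all users on the system", and the linked reference could use https instead of http.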
@ -150,10 +150,9 @@ by providing the correct passphrase.
|
||||||
For automated backups the passphrase can be specified using the
|
For automated backups the passphrase can be specified using the
|
||||||
`BORG_PASSPHRASE` environment variable.
|
`BORG_PASSPHRASE` environment variable.
|
||||||
|
|
||||||
.. caution:: When passing the passphrase through the environment, the
|
.. note:: Be careful about how you set that environment, see
|
||||||
passphrase can be read by any user on the same system, so
|
:ref:`this note about password environments <password_env>`
|
||||||
the use of this technique is strongly discouraged on
|
for more information.
|
||||||
multi-user systems.
|
|
||||||
|
|
||||||
.. important:: The repository data is totally inaccessible without the key:**
|
.. important:: The repository data is totally inaccessible without the key:**
|
||||||
Make a backup copy of the key file (``keyfile`` mode) or repo config
|
Make a backup copy of the key file (``keyfile`` mode) or repo config
|
||||||
|
|
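Review bot: the replacement note in this hunk is only a pointer, so a reader of this section no longer sees what the risk is; the removed caution said the passphrase "can be read by any user on the same system". Suggest keeping a short clause that names the risk ahead of the ``:ref:``, and writing "set that environment variable" rather than "set that environment". The unchanged ``.. important::`` context line just below still ends in a stray ``:**``, which could be cleaned up in the same pass.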