update docs / docstring about new key location

borg/archiver.py

@@ -1213,7 +1213,7 @@ def build_parser(self, args=None, prog=None):
         It will change the magic strings in the repository's segments
         to match the new Borg magic strings. The keyfiles found in
         $ATTIC_KEYS_DIR or ~/.attic/keys/ will also be converted and
-        copied to $BORG_KEYS_DIR or ~/.borg/keys.
+        copied to $BORG_KEYS_DIR or ~/.config/borg/keys.
 
         The cache files are converted, from $ATTIC_CACHE_DIR or
         ~/.cache/attic to $BORG_CACHE_DIR or ~/.cache/borg, but the

borg/upgrader.py

@@ -137,7 +137,7 @@ def convert_keyfiles(keyfile, dryrun):
         replacement pattern is `s/ATTIC KEY/BORG_KEY/` in
         `get_keys_dir()`, that is `$ATTIC_KEYS_DIR` or
         `$HOME/.attic/keys`, and moved to `$BORG_KEYS_DIR` or
-        `$HOME/.borg/keys`.
+        `$HOME/.config/borg/keys`.
 
         no need to decrypt to convert. we need to rewrite the whole
         key file because magic string length changed, but that's not a

docs/internals.rst

@@ -358,7 +358,7 @@ Key files
 ---------
 
 When initialized with the ``init -e keyfile`` command, |project_name|
-needs an associated file in ``$HOME/.borg/keys`` to read and write
+needs an associated file in ``$HOME/.config/borg/keys`` to read and write
 the repository. The format is based on msgpack_, base64 encoding and
 PBKDF2_ SHA256 hashing, which is then encoded again in a msgpack_.
 

docs/quickstart.rst

@@ -167,7 +167,7 @@ is being made.
     protection. The repository server never sees the plaintext key.
 
 ``keyfile`` mode
-    The key is stored on your local disk (in ``~/.borg/keys/``).
+    The key is stored on your local disk (in ``~/.config/borg/keys/``).
     Use this mode if you want "passphrase and having-the-key" security.
 
 In both modes, the key is stored in encrypted form and can be only decrypted

docs/usage.rst

@@ -85,7 +85,7 @@ Some automatic "answerers" (if set, they automatically answer confirmation quest
 
 Directories:
     BORG_KEYS_DIR
-        Default to '~/.borg/keys'. This directory contains keys for encrypted repositories.
+        Default to '~/.config/borg/keys'. This directory contains keys for encrypted repositories.
     BORG_CACHE_DIR
         Default to '~/.cache/borg'. This directory contains the local cache and might need a lot
         of space for dealing with big repositories).
@@ -203,9 +203,9 @@ be stored inside the repository (in its "config" file). In above mentioned
 attack scenario, the attacker will have the key (but not the passphrase).
 
 If you want "passphrase and having-the-key" security, use the ``keyfile`` mode.
-The key will be stored in your home directory (in ``.borg/keys``). In the attack
-scenario, the attacker who has just access to your repo won't have the key (and
-also not the passphrase).
+The key will be stored in your home directory (in ``.config/borg/keys``). In
+the attack scenario, the attacker who has just access to your repo won't have
+the key (and also not the passphrase).
 
 Make a backup copy of the key file (``keyfile`` mode) or repo config file
 (``repokey`` mode) and keep it at a safe place, so you still have the key in
@@ -411,15 +411,15 @@ Examples
     Initializing repository at "/mnt/backup"
     Enter passphrase (empty for no passphrase):
     Enter same passphrase again: 
-    Key file "/home/USER/.borg/keys/mnt_backup" created.
+    Key file "/home/USER/.config/borg/keys/mnt_backup" created.
     Keep this file safe. Your data will be inaccessible without it.
 
     # Change key file passphrase
     $ borg change-passphrase /mnt/backup
-    Enter passphrase for key file /home/USER/.borg/keys/mnt_backup:
+    Enter passphrase for key file /home/USER/.config/borg/keys/mnt_backup:
     New passphrase: 
     Enter same passphrase again: 
-    Key file "/home/USER/.borg/keys/mnt_backup" updated
+    Key file "/home/USER/.config/borg/keys/mnt_backup" updated
 
 
 .. include:: usage/serve.rst.inc