diff --git a/docs/how-tos/encrypt-backups.md b/docs/how-tos/encrypt-backups.md index 546a0e6..647b941 100644 --- a/docs/how-tos/encrypt-backups.md +++ b/docs/how-tos/encrypt-backups.md @@ -21,6 +21,10 @@ gpg -o backup.tar.gz -d backup.tar.gz.gpg ## Using age encryption +{: .note } +Even though the `age` CLI tools supports encryption using SSH keys, this is not supported by this tool. +`AGE_PUBLIC_KEYS` currently expects `age` keys to be given. + age allows backups to be encrypted with either a symmetric key (password) or a public key. One of those options are available for use. Given `AGE_PASSPHRASE` being provided, the backup archive will be encrypted with the passphrase and saved as a `.age` file instead. Refer to age documentation for how to properly decrypt. diff --git a/docs/reference/index.md b/docs/reference/index.md index 25840f0..3b6cce2 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -337,6 +337,9 @@ You can populate below template according to your requirements and use it as you ########### BACKUP ENCRYPTION +# All of the encryption options are mutually exclusive. Provide a single option +# for the encryption scheme of your choice. + # Backups can be encrypted symmetrically using gpg in case a passphrase is given. # GPG_PASSPHRASE="" @@ -350,6 +353,16 @@ You can populate below template according to your requirements and use it as you #... #-----END PGP PUBLIC KEY BLOCK----- +# Backups can be encrypted symmetrically using age in case a passphrase is given. + +# AGE_PASSPHRASE="" + +# Backups can be encrypted asymmetrically using age in case publickeys are given. +# Multiple keys need to be provided as a comma separated list. Right now, this only +# support passing age keys, with no support for ssh keys. + +# AGE_PUBLIC_KEYS="" + ########### STOPPING CONTAINERS AND SERVICES DURING BACKUP # Containers or services can be stopped by applying a