mirror of
https://github.com/offen/docker-volume-backup.git
synced 2024-11-14 18:40:26 +01:00
44ad3bbda2
GPG is known to have usability issues and is generally cumbersome to use. age [0] is a modern alternative to GPG that is designed by a cryptographer that has worked and continues to work on Golang's crypto packages for years. Allowing age to be used to encrypt backups dramatically simplifies the backup process. [0]: https://age-encryption.org/
29 lines
1.2 KiB
Markdown
29 lines
1.2 KiB
Markdown
---
|
|
title: Encrypting backups
|
|
layout: default
|
|
parent: How Tos
|
|
nav_order: 7
|
|
---
|
|
|
|
# Encrypting backups
|
|
|
|
The image supports encrypting backups using one of two available methods: **GPG** or **[age](https://age-encryption.org/)**
|
|
|
|
## Using GPG encryption
|
|
|
|
In case a `GPG_PASSPHRASE` or `GPG_PUBLIC_KEY_RING` environment variable is set, the backup archive will be encrypted using the given key and saved as a `.gpg` file instead.
|
|
|
|
Assuming you have `gpg` installed, you can decrypt such a backup using (your OS will prompt for the passphrase before decryption can happen):
|
|
|
|
```console
|
|
gpg -o backup.tar.gz -d backup.tar.gz.gpg
|
|
```
|
|
|
|
## Using age encryption
|
|
|
|
age allows backups to be encrypted with either a symmetric key (password) or a public key. One of those options are available for use.
|
|
|
|
Given `AGE_PASSPHRASE` being provided, the backup archive will be encrypted with the passphrase and saved as a `.age` file instead. Refer to age documentation for how to properly decrypt.
|
|
|
|
Given `AGE_PUBLIC_KEYS` being provided (allowing multiple by separating each public key with `,`), the backup archive will be encrypted with the provided public keys. It will also result in the archive being saved as a `.age` file.
|