
Re: splitting key across machines



On Tue, 6 May 2014 17:35:00 -0700
The Farmer <are.you.the.farmer@gmail.com> wrote:

> If I use tarsnap-keymgmt to create a key that can only create new
> archives, and another key that can list and delete old ones, and want
> to use them from different machines, what's the best way to do that?
> 
> I don't want an attacker who gains access to the machine I'm backing
> up to be able to delete old backups, but I don't want to keep old
> backups indefinitely, so my plan is to delete old backups from a
> different machine.
> 
> I'm guessing the best plan is to use rsync to keep the cache folders
> in sync on the two machines, but do they need to be synced in both
> directions, or is it enough to copy from the machine which creates
> archives to the one which deletes them?
> 
> If it needs to go both ways then I guess I also need to put some kind
> of semaphore in place to make sure only one machine is using tarsnap
> at a time.

Wouldn't it be easier to store those keys on a USB stick and point
tarsnap to it when needed?