Rotation with separated keys

[Mauro Ciancio <mauro.ciancio@cymait.com>]

Hello list,

I've been a Tarsnap user for three months and I'am very happy so far. A few days ago this mail was sent to the list:

On Fri, Dec 12, 2014 at 12:37 AM, Andreas Olsson <andreas@arrakis.se> wrote:

Please do make a mention of the alternatives that backups can either be
rotated by the machine being backed up or be rotated by a separate, more
locked down, machine. That is, the distinction where there is a key file
which has the delete permission.

It's just that I find the
possibility to split up tarsnap's read, write and delete permissions a
really good thing.

I would like to know how to implement this scheme in which I have an append-only key backuping in the production machine. I'd prefer NOT to have a delete-key in this machine but keep it elsewhere (my laptop, another server) that performs the rotation of old backups.

This is pretty straightforward to do but I think I'm missing something. Every time I rotate old backups I have to run fsck in the production server so it can continue to backup. But in order to run fsck in the production server, I must have a fsck-enabled key, but this goes against my initial need of having only one key in the production server.

In order to make this work, I would have to upload the fsck-enabled key or ssh into the production server, upload the temporary key, run fsck and then delete it.

Is this OK?

Thanks you all!

--

Mauro Ciancio