From 2eb64ba31c4b3d163c6a7ba213c88601ef92eeb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Tue, 11 Jun 2024 14:17:37 +0200 Subject: [PATCH] fix #5525: storage: pbs: improve master-pubkey docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit add the information that the parameter is special like other secret ones, and add the resulting config to the example to make it even more obvious. Signed-off-by: Fabian Grünbichler [FE: remove equals sign from config example] Signed-off-by: Fiona Ebner --- pve-storage-pbs.adoc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pve-storage-pbs.adoc b/pve-storage-pbs.adoc index 84d598f..d65448d 100644 --- a/pve-storage-pbs.adoc +++ b/pve-storage-pbs.adoc @@ -64,8 +64,11 @@ Optional. master-pubkey:: A public RSA key used to encrypt the backup encryption key as part of the -backup task. The encrypted copy will be appended to the backup and stored on -the Proxmox Backup Server instance for recovery purposes. +backup task. Will be saved in a file under +`/etc/pve/priv/storage/.master.pem` with access restricted to the +root user. +The encrypted copy of the backup encryption key will be appended to each backup +and stored on the Proxmox Backup Server instance for recovery purposes. Optional, requires `encryption-key`. .Configuration Example (`/etc/pve/storage.cfg`) @@ -77,6 +80,8 @@ pbs: backup fingerprint 09:54:ef:..snip..:88:af:47:fe:4c:3b:cf:8b:26:88:0b:4e:3c:b2 prune-backups keep-all=1 username archiver@pbs + encryption-key a9:ee:c8:02:13:..snip..:2d:53:2c:98 + master-pubkey 1 ---- Storage Features