Clarification of keyfile backup

[rolandu]

Proposed clarification in response to my confusion in #6204.

[ThomasWaldmann]

Thinking about this: can't we just simply say that you must have a backup of the keys in any case and use borg key export for this?

In the end, it doesn't really matter where they are stored and how you lose them, but that for both options, it is possible to lose them.

[rolandu]

True, something like "backup the key in case you need it" is probably the shortest version for the end user.

My confusion really came from the fact that this said disaster recovery without a backup of the keyfile was impossible but I did remember doing just that last year (which was possible because I had repokey and not keyfile enc).

[ThomasWaldmann]

Or: By all means, backup the key! And keep the backup and your passphrase at a safe place.

[ThomasWaldmann]

Hmm, I just noticed we should document that elsewhere: In the borg key export docs.

Currently, we have 2 places talking about key backup:

• faq (== this PR)
• quickstart (the warning section below "repository encryption")

I think both places should only have one sentence about that where they link to borg key export docs.
Like "You must make a backup of your borg key, see --->borg key export how to do that.".

And everything else should get refactored and deduplicated into the borg key export docs.

[elho]

"keyfile keys" sound somewhat weird, I'd say they are just "keyfiles".

Also, the first part of this basically just reformarts into a single awfully long line. The file already has some variation in line lengths, but that should not be worsened.

[ThomasWaldmann]

well, agreed, it sounds a bit strange, but the types of borg keys we have are "keyfile" and "repokey".

so while it may sound a bit strange, it hopefully makes 100% clear what is meant.