Hi,
First thanks for this very nice piece of software. The general setup of restic is quite easy and the software is very speedy.
In restic (0.18), when copying snapshots from one repository to another, it is necessary to provide the repository encryption key (of both sides), which is understandable, as it’s necessary to know the relationships between files and packs.
However, this means that in order to implement restic copies for a typical 3-2-1 backup approach to an offsite location, you need to disclose the key of the data to the system that makes the copy.
This introduces a risk: if a hacker gets access to the software where the copy is made, they will have access to both the key and the data.
By introducing separate keys for the repository and for the data encryption, it could be possible to manipulate the backup data using the repository keys, while not being able in any way to get access to the data without the data decryption key. The data key can then be kept on the initial server and in a secure location only available to persons allowed to decrypt the data.
I was wondering if this has been thought of?
Thanks
Ludovic
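The two-key split proposed in the post, sketched in Go as an added example. This is not restic's code and says nothing about restic's actual key file or pack format; the layout, names and the "index"/"blob" labels are assumptions made for the illustration. One key (the repository key) seals the index that says which blobs make up the backup; a second key (the data key) seals the blob contents. The copy host is given only repository keys: it can open the index, verify each blob's hash, and re-seal the index for the destination repository, but attempting to read blob contents with the keys it holds fails authentication. Blob IDs are hashes of the ciphertext here so that integrity can be checked without the data key (in this sketch the copy host still learns blob count and sizes).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Hypothetical two-key layout, not restic's on-disk format: the repository key protects
// structure and goes to the copy host; the data key protects contents and stays home.
func randomKey() []byte { k := make([]byte, 32); rand.Read(k); return k } // rand.Read cannot fail

// aeadFor wraps a 32-byte key in AES-256-GCM; neither call fails for that key length.
func aeadFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // any other key length is a programming error
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal prefixes a random nonce; label is bound as associated data so an index cannot pass as a blob.
func seal(a cipher.AEAD, plaintext, label []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	rand.Read(nonce)
	return a.Seal(nonce, nonce, plaintext, label)
}
func unseal(a cipher.AEAD, sealed, label []byte) ([]byte, error) {
	if n := a.NonceSize(); len(sealed) >= n {
		return a.Open(nil, sealed[:n], sealed[n:], label)
	}
	return nil, fmt.Errorf("sealed data too short")
}

// Repo: blobs keyed by the SHA-256 of their ciphertext (checkable without the data key),
// plus the ordered blob list sealed under the repository key.
type Repo struct {
	Blobs       map[string][]byte
	SealedIndex []byte
}

func blobID(ct []byte) string { return fmt.Sprintf("%x", sha256.Sum256(ct)) }
func sealIndex(blobs map[string][]byte, ids []string, repoKey []byte) Repo {
	idx, _ := json.Marshal(ids) // cannot fail for []string
	return Repo{Blobs: blobs, SealedIndex: seal(aeadFor(repoKey), idx, []byte("index"))}
}
func openIndex(r Repo, repoKey []byte) ([]string, error) {
	idx, err := unseal(aeadFor(repoKey), r.SealedIndex, []byte("index"))
	if err != nil {
		return nil, err
	}
	var ids []string
	err = json.Unmarshal(idx, &ids)
	return ids, err
}

// WriteRepo runs on the backup server, which holds both keys.
func WriteRepo(repoKey, dataKey []byte, chunks [][]byte) Repo {
	blobs, data := map[string][]byte{}, aeadFor(dataKey)
	var ids []string
	for _, c := range chunks {
		ct := seal(data, c, []byte("blob"))
		blobs[blobID(ct)] = ct
		ids = append(ids, blobID(ct))
	}
	return sealIndex(blobs, ids, repoKey)
}

// CopyRepo is the offsite copy host with repository keys only: it opens the index, verifies
// every referenced blob and re-seals the index for the destination. The data key is never needed.
func CopyRepo(src Repo, srcRepoKey, dstRepoKey []byte) (Repo, error) {
	ids, err := openIndex(src, srcRepoKey)
	if err != nil {
		return Repo{}, err
	}
	for _, id := range ids {
		if ct, ok := src.Blobs[id]; !ok || blobID(ct) != id {
			return Repo{}, fmt.Errorf("blob %s missing or failed integrity check", id)
		}
	}
	return sealIndex(src.Blobs, ids, dstRepoKey), nil // ciphertext is moved byte for byte
}

// Restore needs both keys: the repository key to find blobs, the data key to read them.
func Restore(r Repo, repoKey, dataKey []byte) ([][]byte, error) {
	ids, err := openIndex(r, repoKey)
	if err != nil {
		return nil, err
	}
	chunks := make([][]byte, len(ids))
	for i, id := range ids {
		if chunks[i], err = unseal(aeadFor(dataKey), r.Blobs[id], []byte("blob")); err != nil {
			return nil, fmt.Errorf("blob %s: %w", id, err)
		}
	}
	return chunks, nil
}

func main() {
	src, data, dst := randomKey(), randomKey(), randomKey()
	copied, err := CopyRepo(WriteRepo(src, data, [][]byte{[]byte("constructed chunk")}), src, dst)
	_, leak := Restore(copied, dst, dst) // all a compromised copy host holds
	out, _ := Restore(copied, dst, data)
	fmt.Println("copy:", err, "| read with repository keys only:", leak, "| owner read:", string(out[0]))
}
```

Running it shows the copy succeeding with no data key, the read attempt with repository keys only failing GCM authentication, and the owner (who holds the destination repository key plus the data key) recovering the chunk. The copy host can still check integrity because blob IDs hash the ciphertext; it can also still delete or withhold blobs, which is the "manipulate the backup data" capability the post accepts for that role.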