I wrote a guide for how I use restic to back up multiple hosts to B2, might be helpful to someone:
I’ve been using this setup to back up four Ubuntu machines and it seems to be working well. I use pass to securely store the B2 application key and
RESTIC_PASSWORD on each machine, and I give my main machine access to every machine’s backups so I can do all the maintenance (
restic check) from one machine.
I suggest using
RESTIC_PASSWORD_COMMAND="$(pass show "$RESTIC_HOST"/RESTIC_PASS”
This way, I think, password does not leak via environmental variable, rather is decrypted on demand.
Am I right?
Yeah that seems to work, thanks. It’s a shame that there isn’t a
B2_ACCOUNT_KEY_COMMAND for the B2 application key as well.
I think this is the correct bash (so that
shellcheck doesn’t complain about anything):
And you also need to change
RESTIC_PASSWORD in the
export at the bottom of the script to
env.fish file it’s just:
set -x RESTIC_PASSWORD_COMMAND pass $RESTIC_HOST/RESTIC_PASSWORD
I updated the post with this suggestion, thanks