I was thinking… if I have the “env”/credentials file on the server, anyone hacking my server could find that file and then run purge/forget commands with restic, thereby clearing all the backups I have from that server.
Even if I don’t have the file always living on the server, and only when the backup runs, there’s still a risk that the hacker could find it while the backup runs.
Is there a way we could have a separate credential/user that only has permission to create a snapshot, but no permissions to forget/purge or do anything else to existing snapshots?
Happy to know your opinion on what best practices are usually followed to prevent disasters of backups being compromised together with the server being hacked.
(I use restic with AWS S3)