I had a very blond moment yesterday:
I needed to reinstall a host with a few VMs on it. I created a new restic repository with a typed password (that I remember). Then I thought I could keep this backup after the move, so I decided to add a new password file with
head -c 1024 /dev/urandom | base64 > restic-key
and then delete the existing one
restic key remove
Backup is all fine, did a check data and everything.
Reinstall the host machine (and repatitioning the disk as well)
Then I realized the random key is … in the backup. Only.
It is very possible the random key file is still readable on the disk, but since it was generated randomly, I have no idea what to look for (no header, no footer that I can recognize).
Now, my question is, how is a key deleted from a repository? Is it rewriting a file? Is it creating a new file without the deleted key? Is there any possibility I can scan the disk for it? because I remember the password I used.
It’s not a big deal, there wasn’t anything particularly important on these VMs. I’ll just have to reinstall them, that’s all.
Thanks for your help