Recover from a previous password?


I had a very blond moment yesterday:

I needed to reinstall a host with a few VMs on it. I created a new restic repository with a typed password (that I remember). Then I thought I could keep this backup after the move, so I decided to add a new password file with
head -c 1024 /dev/urandom | base64 > restic-key
and then delete the existing one
restic key remove

Backup is all fine, did a check data and everything.
Reinstall the host machine (and repatitioning the disk as well)

Then I realized the random key is … in the backup. Only. :scream:

It is very possible the random key file is still readable on the disk, but since it was generated randomly, I have no idea what to look for (no header, no footer that I can recognize).

Now, my question is, how is a key deleted from a repository? Is it rewriting a file? Is it creating a new file without the deleted key? Is there any possibility I can scan the disk for it? because I remember the password I used.

It’s not a big deal, there wasn’t anything particularly important on these VMs. I’ll just have to reinstall them, that’s all.

Thanks for your help :slight_smile:

I looked up the code, and the documentation :slight_smile:

The way the restic key was deleted is simply by deleting a file in the keys folder. I checked with ext4magic and the block where the key was has been rewritten over. No surprise there, I did the backup after cleaning up the passwords.

I guess I’m stuck: I’m not going to search for the random password on the original disk :thinking:

Never mind, I’m good for downloading a Windows 10 install disk :unamused: