Restic key add: why, for what?

Maybe I have not understood restic’s password concept:
Why should one add new repository keys?

Here I read only the syntax but not the semantics of password (key) management:

https://restic.readthedocs.io/en/stable/070_encryption.html

With “restic key add” I was able to add a new key. I have full access to the repository with both keys.
But what is the advantage of having more than one password key?

1 Like

If a repository is used by multiple clients, they can each have their own key to it. That way, if one client is decommissioned or similar, that client’s key can be deleted, and the other clients can still keep using the repository. If all clients used the same key, then the key would have to be replaced when that client leaves, and the other clients would then have to update their configuration to use the new key. That’s just one use case; there are others as well.

2 Likes

Besides potential use cases for multiple keys, keep in mind that the repository is encrypted by a single master key. If you have that key, you can access all data and modify the repository in any way you want. Any client having a key can derive (and potentially save) that master key; there is even restic cat masterkey, which does just this.

I personally found one use case for key add: As you can’t access a repository if the key file is lost or damaged, you might want to have a backup at hand. Using key add (potentially even with the same password) is a simple way to create such a backup.

5 Likes

Just to be sure: that means, if I use one key slot per machine to a central repository and if one machine gets compromised, I just remove this key and keep the others. Could any attacker still use the knowledge about one key to derive the master key and access the repo?

@noeck It depends. If you remove the key, an attacker knowing only the password to this key will no longer be able to derive the master key or access the repository. However, if an attacker used that key at any time before you removed it, they might have saved that key (file) or the master key and therefore still have full access to the repository.

3 Likes
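The two answers above (one master key wrapped by per-password key slots, and what removing a slot does and does not protect against) can be made concrete with a small model. The code below is an added example written for this thread, not restic’s code and not its on-disk format: restic uses scrypt plus AES-256 and Poly1305-AES, whereas this model uses scrypt from the standard library and an HMAC-SHA256 based counter-mode wrap so that it runs without extra dependencies. The names `Repository`, `add_key`, `open_repo`, `remove_key` and the key-id scheme are assumptions made here for illustration.

```python
import os
import hmac
import hashlib

# Toy KDF parameters; assumption for this example, not restic's defaults.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _kdf(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from a password and salt."""
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; wrong key -> ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted key slot")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Repository:
    """Persistent repository state: key slots and encrypted data blobs."""

    def __init__(self):
        self.slots = {}   # key id -> (salt, master key wrapped under that password's KEK)
        self.blobs = {}   # blob name -> data encrypted under the master key


def add_key(repo: Repository, master_key: bytes, password: str) -> str:
    """Add a key slot: wrap the (single) master key under a new password."""
    salt = os.urandom(16)
    key_id = hashlib.sha256(salt).hexdigest()[:8]   # toy key id for this example
    repo.slots[key_id] = (salt, _wrap(_kdf(password, salt), master_key))
    return key_id


def open_repo(repo: Repository, password: str) -> bytes:
    """Try each slot with the password; the first that unwraps yields the master key."""
    for salt, blob in repo.slots.values():
        try:
            return _unwrap(_kdf(password, salt), blob)
        except ValueError:
            continue
    raise PermissionError("no key slot matches this password")


def remove_key(repo: Repository, key_id: str) -> None:
    """Delete a slot; the master key and all data blobs are untouched."""
    if len(repo.slots) == 1:
        raise ValueError("refusing to remove the last remaining key")
    del repo.slots[key_id]


def demo() -> dict:
    """Walk through the scenario from the thread and report each outcome."""
    repo = Repository()
    master = os.urandom(32)                      # the one key that encrypts all data
    laptop = add_key(repo, master, "laptop-pass")
    add_key(repo, master, "server-pass")
    repo.blobs["snapshot"] = _wrap(master, b"constructed backup data")

    results = {}
    # Both passwords resolve to the same master key and therefore the same data.
    results["both_keys_open_same_master"] = (
        open_repo(repo, "laptop-pass") == open_repo(repo, "server-pass") == master)

    # A compromised laptop may have already derived and saved the master key.
    cached_master = open_repo(repo, "laptop-pass")
    remove_key(repo, laptop)

    try:
        open_repo(repo, "laptop-pass")
        results["removed_password_still_opens"] = True
    except PermissionError:
        results["removed_password_still_opens"] = False
    results["server_still_opens"] = open_repo(repo, "server-pass") == master
    # Removing the slot does not rotate the master key, so a saved copy still reads data.
    results["cached_master_reads_data"] = (
        _unwrap(cached_master, repo.blobs["snapshot"]) == b"constructed backup data")
    return results
```

Running `demo()` shows the asymmetry the answers describe: after the laptop slot is removed its password is useless, the server keeps working, but a master key captured earlier still decrypts every blob, because `remove_key` only deletes a wrapper and never re-keys the data. That is why a compromised client calls for more than a `key remove`; the repository contents themselves have to be re-encrypted under a fresh key to lock out a saved master key.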

@alexweiss Thanks, understood.

1 Like