Hi thanks for the lib! When checking the design doc, I am worried about a point, and hope to be proved I am wrong!
Consider what happens if the repository has bit flip or accidentically delete a file. For most files, it is bad but not that bad, because only one file will be corrupted. However, if the key file is bit-flipped or deleted, then nobody can decrypt the repository IMHO, and thus the whole repository just become dead.
You are correct that the key files are vital for being able to access the repository. Since they will not change over time (unless you e.g. use the restic key command to do so) you can safely back them up separately along with the config file. That way you should be good.
@rawtaz Thank you! I also thought about something a bit similar but I originally thought that must have some problems. So, I wonder,
key folder (2) config file. Is there any more files?The key file is kind of a single point of failure. But you can have multiple keys and only need one to access the repository. So another strategy is to simply add one or more keys using restic key add. Note that even multiple key files with the identical password are possible.
The config file is way less critical. restic refuses to work without, but in fact it only contains a version, the repository id (which is only used to access the right cache dir) and the chunker polynomial. So without the config file, it would be technical possible to read all data and all snapshots from the repository. You would only lose some deduplication possibility for new backups into this repository.
Where would I find the key and config files mentioned if I wanted to back them up? It’s not clear to me if these are on my local system or stored in my repository.
Thanks.
They are inside the repo in the keys directory. You can’t miss them when looking into a repository.