Re: [Duplicity-talk] Automated Backups with separate Encryption Key

[edgar . soldin]

On 20.03.2011 20:12, Hany Fahim wrote:
> Hi,
> 
> I've been a happy user of duplicity for about 6 months now and have been 
> loving it. I seem to have an issue which others apparently have as well:
> 
> https://bugs.launchpad.net/duplicity/+bug/687295
> <https://bugs.launchpad.net/duplicity/+bug/687295>http://thread.gmane.org/gmane.comp.sysutils.backup.duplicity.general/4245
> <http://thread.gmane.org/gmane.comp.sysutils.backup.duplicity.general/4245>https://bugs.launchpad.net/duplicity/+bug/497243
> 
> <https://bugs.launchpad.net/duplicity/+bug/497243>I automate the backup 
> process for several servers using a wrapper script. The script does a full 
> backup once a month, daily incrementals, and purges anything older than a 
> month. The issue I'm encountering is after one month of successful backups 
> and the execution of a purge, I am no longer able to backup. I've traced the 
> issue to the synchronization of the local and remote cache after a purge, and 
> the requirement for the private encryption key to decrypt the downloaded 
> cache. This seems counterintuitive since the whole point of having separate 
> signing and encryption keys to to allow the private key to be stored 
> off-server (unless of course restoration is required). My question is, how 
> would I go about successfully automating the backup and purging process of 
> each server without requiring the private key to be present on the servers 
> themselves?
> 

This is a known issue and still pending resolution. Until then you will have to 
have a private key on the backup machine. You can of course use second keyset 
to circumvent the need to have your own very secret private key on the backup 
machine.

sorry ede/duply.net