rdelaage
/
restic
mirror of https://github.com/restic/restic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
restic/changelog/unreleased/issue-2134

20 lines
916 B
Plaintext
Raw Normal View History

b2: Support file hiding instead of deleting them permanently Automatically fall back to hiding files if not authorized to permanently delete files. This allows using restic with an append-only application key with B2. Thus, an attacker cannot directly delete backups with the API key used by restic. To use this feature create an application key without the deleteFiles capability. It is recommended to restrict the key to just one bucket. For example using the b2 command line tool: b2 create-key --bucket <bucketName> <keyName> listBuckets,readFiles,writeFiles,listFiles Suggested-by: Daniel Gröber <dxld@darkboxed.org>
2022-10-21 22:48:17 +02:00
Enhancement: Support B2 API keys restricted to hiding but not deleting files
When the B2 backend does not have the necessary permissions to permanently
delete files, it now automatically falls back to hiding files. This allows
using restic with an application key which is not allowed to delete files.
This prevents an attacker to delete backups with the API key used by restic.
To use this feature create an application key without the deleteFiles
capability. It is recommended to restrict the key to just one bucket.
For example using the b2 command line tool:
b2 create-key --bucket <bucketName> <keyName> listBuckets,readFiles,writeFiles,listFiles
Alternatively, you can use the S3 backend to access B2, as described
in the documentation. In this mode, files are also only hidden instead
of being deleted permanently.
https://github.com/restic/restic/issues/2134
https://github.com/restic/restic/pull/2398