Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: allow backups to be encrypted with age #432

Merged
merged 1 commit into from
Aug 19, 2024
Merged

feat: allow backups to be encrypted with age #432

merged 1 commit into from
Aug 19, 2024

Conversation

nkcmr
Copy link
Contributor

@nkcmr nkcmr commented Jun 18, 2024

GPG is known to have usability issues and is generally cumbersome to use. age 0 is a modern alternative to GPG that is designed and implemented by a cryptographer that has worked and continues to work on Golang's crypto packages for years.

Allowing age to be used to encrypt backups dramatically simplifies the backup process.

m90
m90 reviewed Jun 19, 2024
View reviewed changes
Copy link
Member

@m90 m90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution, I am happy to add the feature and merge this. I left two questions for my understanding inline. In addition to that it'd be great if you could also add a test case for the new feature. You can probably just copy the existing gpg one and work off of that. If you need to install additional tools for the test container, here's the place to do it:

docker-volume-backup/test/Dockerfile

Lines 3 to 11 in bb11ae0

RUN apk add \
coreutils \
curl \
gpg \
jq \
moreutils \
tar \
zstd \
--no-cache

cmd/backup/encrypt_archive.go Show resolved Hide resolved
cmd/backup/encrypt_archive.go Outdated Show resolved Hide resolved
m90
m90 reviewed Jun 19, 2024
View reviewed changes
cmd/backup/config.go Outdated Show resolved Hide resolved
@nkcmr nkcmr force-pushed the nkcmr/add-age-encryption branch 2 times, most recently from 18b7fb5 to 58daebf Compare June 19, 2024 14:07
@m90
Copy link
Member

m90 commented Jun 19, 2024

@nkcmr thanks for the changes. Just to avoid misunderstandings: are you still planning on adding a test for the feature? No intent to pressure you into anything, just want to make sure you're not awaiting some sort of action from my end right now.

@nkcmr
Copy link
Contributor Author

nkcmr commented Jun 19, 2024

@m90 Yes, sorry for not being more verbose. My morning only had enough time to do those edits before $WORK. Will look at the testing setup within the next day or so and get that setup for this change 🙂.

@m90
Copy link
Member

m90 commented Aug 7, 2024

@nkcmr Sorry for being intrusive, but are you still interested in getting this merged? No worries if your mind wandered elsewhere, I'd just be interested to know if this shall be included in some release in the near future or not. Thanks.

@nkcmr
Copy link
Contributor Author

nkcmr commented Aug 14, 2024

@m90 Yah sorry for being a flake about this. I will try to get this back on track in the next few days. My laptop broke right after I left my last comment, got it fixed now though!

@m90
Copy link
Member

m90 commented Aug 14, 2024

There's nothing I'd like to release right now, so take your time. Very happy to release this once it's done though, so let me know if I cam help with anything.

@nkcmr nkcmr force-pushed the nkcmr/add-age-encryption branch 2 times, most recently from 2a36149 to 304ae35 Compare August 18, 2024 15:44
@nkcmr
Copy link
Contributor Author

nkcmr commented Aug 18, 2024

At long last! I have rebased my original change and added tests. Sorry for taking so long!

@nkcmr nkcmr force-pushed the nkcmr/add-age-encryption branch from 304ae35 to 4293c85 Compare August 18, 2024 16:16
@nkcmr nkcmr requested a review from m90 August 18, 2024 16:18
m90
m90 reviewed Aug 19, 2024
View reviewed changes
Copy link
Member

@m90 m90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really great, thanks for all the effort you put into consolidating the encryption logic. I left two minor comments inline, nothing blocking. Let me know what you think, and we'll get this released soon.

docs/how-tos/encrypt-backups-using-gpg.md Outdated Show resolved Hide resolved
test/age-publickey/pk-a.txt Outdated Show resolved Hide resolved
@nkcmr nkcmr force-pushed the nkcmr/add-age-encryption branch 2 times, most recently from 6c3cc1b to 2cabbdb Compare August 19, 2024 20:28
@nkcmr
feat: allow backups to be encrypted with age
5c3e87e 
GPG is known to have usability issues and is generally cumbersome to
use. age [0] is a modern alternative to GPG that is designed by a
cryptographer that has worked and continues to work on Golang's crypto
packages for years.

Allowing age to be used to encrypt backups dramatically simplifies the
backup process.

[0]: https://age-encryption.org/
@nkcmr nkcmr force-pushed the nkcmr/add-age-encryption branch from 2cabbdb to 5c3e87e Compare August 19, 2024 20:30
@nkcmr nkcmr requested a review from m90 August 19, 2024 20:30
m90
m90 approved these changes Aug 19, 2024
View reviewed changes
Copy link
Member

@m90 m90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thanks a lot 🎩 . I'll merge and release it once the build is green.

@m90 m90 merged commit 44ad3bb into offen:main Aug 19, 2024
3 checks passed
@m90
Copy link
Member

m90 commented Aug 19, 2024

This is now included in v2.43.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m90 m90 m90 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nkcmr @m90