+26
-10
lines changedFilter options
+26
-10
lines changed Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
1 1
# Changelog
2 2 3 +
## pg_back 2.2.0
4 + 5 +
* Support compression in plain format
6 +
* Add option to skip loading config file
7 +
* Harden file permissions of output files
8 +
* Add Dockerfile and an example docker compose config
9 +
* Add an example configuration for Kubernetes
10 +
* Support AGE public keys for encryption
11 +
* Fix inclusion and excusion lists parsing in per db configs
12 + 3 13
## pg_back 2.1.1
4 14 5 15
* Fix exec path expansion when binDir is set
@@ -14,3 +14,4 @@ Thibaud Walkowiak
14 14
Gounick
15 15
Massimo Lusetti
16 16
Kenny Root
17 +
Pierrick @pgpie
Original file line number Diff line number Diff line change
@@ -143,22 +143,27 @@ post backup hook is executed when present.
143 143 144 144
All the files procuded by a run of pg_back can be encrypted using age
145 145
(<https://age-encryption.org/> an easy to use tool that does authenticated
146 -
encryption of files). To keep things simple, encryption is done using a
147 -
passphrase. To encrypt files, use the `--encrypt` option along with the
148 -
`--cipher-pass` option or `PGBK_CIPHER_PASS` environment variable to specify the
149 -
passphrase. When `encrypt` is set to true in the configuration file, the
146 +
encryption of files). Encryption can be done with a passphrase or a key pair.
147 + 148 +
To encrypt files with a passphrase, use the `--encrypt` option along with the
149 +
`--cipher-pass` option or `PGBK_CIPHER_PASS` environment variable to specify
150 +
the passphrase. When `encrypt` is set to true in the configuration file, the
150 151
`--no-encrypt` option allows to disable encryption on the command line. By
151 152
default, unencrypted source files are removed when they are successfully
152 153
encrypted. Use the `--encrypt-keep-src` option to keep them or
153 154
`--no-encrypt-keep-src` to force remove them and override the configuration
154 155
file. If required, checksum of encrypted files are computed.
155 156 156 -
Encrypted files can be decrypted with the correct passphrase and the
157 -
`--decrypt` option. When `--decrypt` is present on the command line, dumps are
158 -
not performed, instead files are decrypted. Files can also be decrypted with
159 -
the `age` tool, independently. Decryption of multiple files can be parallelized
160 -
with the `-j` option. Arguments on the commandline (database names when
161 -
dumping) are used as shell globs to choose which files to decrypt.
157 +
When using keys, use `--cipher-public-key` to encrypt and
158 +
`--cipher-private-key` to decrypt. The value are passed as strings in Bech32
159 +
encoding. The easiest way to create them is to use the `age` tool.
160 + 161 +
Encrypted files can be decrypted with the correct passphrase or the private key
162 +
and the `--decrypt` option. When `--decrypt` is present on the command line,
163 +
dumps are not performed, instead files are decrypted. Files can also be
164 +
decrypted with the `age` tool, independently. Decryption of multiple files can
165 +
be parallelized with the `-j` option. Arguments on the commandline (database
166 +
names when dumping) are used as shell globs to choose which files to decrypt.
162 167 163 168
**Please note** that files are written on disk unencrypted in the backup directory,
164 169
before encryption and deleted after the encryption operation is complete. This
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4