Backup Secrets #28

Closed
opened 2023-09-21 22:46:18 +00:00 by moritz · 2 comments
Member

There should be a backup of the app secrets as well. If you need to reinitialize the swarm for any reason or want to restore the app on another server, the secrets are required. Further, you don't need to handle a way to store all the autogenerated secrets locally anymore.

Also somehow related: https://git.coopcloud.tech/coop-cloud/organising/issues/480
Unfortunately I couldn't find any other way to access the secrets than attaching them to a container and reading `/var/run/secrets`.
Therefore my idea is to attach all secrets of all apps that have the `backupbot.backup` label to the backupbot. Then the secrets can easily be handled by restic.

moritz self-assigned this 2023-09-21 22:46:18 +00:00
moritz added this to the backupbot revolution project 2023-09-21 22:46:26 +00:00
moritz referenced this issue from a commit 2023-09-21 22:54:32 +00:00
Author
Member

Another approach:
Mount `/var/lib/docker/containers/` inside the backupbot. So the secrets can be accessed via `/var/lib/docker/containers/<container-id>/mounts/secrets`.

This solves two problems with attaching the secrets to the backupbot:

  • For every new secret the backupbot needs to be restarted
  • Secrets can not be removed without detaching them again from the backupbot
Author
Member

New approach: https://git.coopcloud.tech/coop-cloud/backup-bot-two/commit/ef9fbda7d0b6fb05c40d78a158ec41121574c36e
For each app that is included in the backup, the secrets are copied from `/var/lib/docker/containers/<container-id>/mounts/secrets/<secret_id>` to `/secrets/<secret_name>`, and `/secret` is included as a backup path for `restic`.

moritz referenced this issue from a commit 2023-10-04 17:08:58 +00:00
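
The copy step described in the last comment, as an added Python sketch that is not the backup-bot-two code from the linked commit. The names `copy_secrets` and `demo`, the id-to-name mapping passed in by the caller, and all sample values are assumptions made for illustration; the sketch also restricts the staged copies to the owner and rejects names that are not a single path component.

```python
import os
import shutil
import tempfile
from pathlib import Path


def _component(value):
    """Accept only a single path component, so a copy cannot leave its directory."""
    if value in ("", ".", "..") or "/" in value or "\0" in value:
        raise ValueError(f"not a plain file name: {value!r}")
    return value


def copy_secrets(container_dir, secret_names, dest_root):
    """Copy <container_dir>/mounts/secrets/<secret_id> to <dest_root>/<secret_name>.

    secret_names maps secret_id -> secret_name; how the mapping is obtained
    is outside this sketch (assumption). Returns the sorted names written.
    """
    src_dir = Path(container_dir) / "mounts" / "secrets"
    dest = Path(dest_root)
    dest.mkdir(parents=True, exist_ok=True)
    os.chmod(dest, 0o700)  # staging directory readable by the owner only
    written = []
    for secret_id, name in secret_names.items():
        src = src_dir / _component(secret_id)
        target = dest / _component(name)
        if src.is_symlink() or not src.is_file():
            continue  # secret not mounted in this container, nothing to copy
        # Create the copy with mode 0600 from the start, never world-readable.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
            shutil.copyfileobj(inp, out)
        os.chmod(target, 0o600)  # also tightens a pre-existing file
        written.append(name)
    return sorted(written)


def demo():
    """Run the copy against a constructed directory tree (no Docker needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        container = Path(tmp) / "containers" / "0123abcd"  # constructed id
        (container / "mounts" / "secrets").mkdir(parents=True)
        (container / "mounts" / "secrets" / "k3xsecretid").write_bytes(b"s3cr3t\n")
        out = Path(tmp) / "secrets"
        mapping = {"k3xsecretid": "app_db_password_v1", "absent": "app_other_v1"}
        names = copy_secrets(container, mapping, out)
        copied = out / "app_db_password_v1"
        return names, copied.stat().st_mode & 0o777, copied.read_bytes()


if __name__ == "__main__":
    print(demo())
```

Because the staged files hold plaintext secrets, the staging directory should be cleared once the restic snapshot has completed.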
Reference: coop-cloud/backup-bot-two#28