diff options
author | Lars Wirzenius <liw@liw.fi> | 2021-04-09 11:54:19 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-04-09 17:17:35 +0300 |
commit | d0b0245edbb2f6ed8285358d83b98f3334bf1b12 (patch) | |
tree | 988f72832b8a5015f4dbfb49473eba022d089666 /obnam.md | |
parent | 2d6c1c81bfb1c0be8dfaced1c70e825e46c66430 (diff) | |
download | obnam2-d0b0245edbb2f6ed8285358d83b98f3334bf1b12.tar.gz |
feat: add "obnam init" subcommand
This reads a passphrase and derives two passwords from that, and
stores them next to the configuration file. The passwords aren't yet
used for anything, that will come later.
Diffstat (limited to 'obnam.md')
-rw-r--r-- | obnam.md | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -1118,6 +1118,7 @@ then stdout, as JSON, matches file config.json roots: [live] server_url: https://backup.example.com verify_tls_cert: true +encrypt: false ~~~ @@ -1531,11 +1532,40 @@ Verify that trying to backup without having set a passphrase fails with an error message that clearly identifies the lack of a passphrase. +~~~scenario +given an installed obnam +and a running chunk server +and a client config based on encryption.yaml +and a file live/data.dat containing some random data +and a manifest of the directory live in live.yaml +when I try to run obnam --config encryption.yaml backup +then command fails +then stderr contains "obnam init" +~~~ + +~~~{#encryption.yaml .file .yaml .numberLines} +verify_tls_cert: false +roots: [live] +encrypt: true +~~~ + ## A passphrase can be set Set a passphrase. Verify that it's stored in a file that is only readable by it owner. Verify that a backup can be made. +~~~scenario +given an installed obnam +and a running chunk server +and a client config based on encryption.yaml +and a file live/data.dat containing some random data +and a manifest of the directory live in live.yaml +when I run obnam --config encryption.yaml init --insecure-passphrase=hunter2 +then file passwords.yaml exists +then file passwords.yaml is only readable by owner +then file passwords.yaml does not contain "hunter2" +~~~ + ## A passphrase stored insecurely is rejected Verify that a backup fails if the file where the passphrase is stored |