archive/theorangeone.net-legacy
1
Fork 0
Code Activity

Mention maybe BTRFS for bit-rot protection

Browse source
This commit is contained in:
Jake Howard 2021-06-06 15:54:23 +01:00
parent 72a161eed3
commit cfde6139cf
Signed by: jake
GPG key ID: 57AFB45680EDD477
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
content/posts/backup-strategy-2021.md
View file

@ -74,7 +74,7 @@ This is a new one for me, and may be where you either start thinking I've gone p
All my backups are encrypted, and rightly so. But what happens if I lose the keys? The keys live in my [Bitwarden](https://bitwarden.com/) (well [vaultwarden](https://github.com/dani-garcia/vaultwarden)) vault, which is also encrypted and stored with the backups. If I lose my server and computer, say in an aforementioned house fire, I'm fresh out of luck. [Restic's encryption](https://blog.filippo.io/restic-cryptography/) is such that without the key, the data is unrecoverable. All my backups are encrypted, and rightly so. But what happens if I lose the keys? The keys live in my [Bitwarden](https://bitwarden.com/) (well [vaultwarden](https://github.com/dani-garcia/vaultwarden)) vault, which is also encrypted and stored with the backups. If I lose my server and computer, say in an aforementioned house fire, I'm fresh out of luck. [Restic's encryption](https://blog.filippo.io/restic-cryptography/) is such that without the key, the data is unrecoverable.
To cover this base too, I back up the absolute code data onto a USB drive. The files on the drive are stored plainly in directories, and the drive encrypted (with [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)) with a key I know. I have 2 drives, with the same backup scripts on. 1 of these drives sits in a draw on my desk, the other in an "undisclosed location" away from my house (No, i'm obviously not going to tell you where it is). The drives are never in the same location, to minimize potential risk, and the drives are only plugged in to perform a backup, then unplugged. To cover this base too, I back up the absolute code data onto a USB drive. The files on the drive are stored plainly in directories, and the drive encrypted (with [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)) with a key I know. I have 2 drives, with the same backup scripts on. 1 of these drives sits in a draw on my desk, the other in an "undisclosed location" away from my house (No, i'm obviously not going to tell you where it is). The drives are never in the same location, to minimize potential risk, and the drives are only plugged in to perform a backup, then unplugged. To help detect the flash storage degrading, I'd like to experiment with BTRFS on the drive, which would also bring some compression with it.
For the drives themselves, I didn't want to use just anything. They needed to be very rugged, reliable and have a reasonable capacity. For me that left 1 option: the [Corsair survivor stealth](https://www.corsair.com/uk/en/Categories/Products/Storage/USB-Drives/flash-survivor-stealth-config/p/CMFSS3B-512GB). It's both waterproof, shockproof, easily available, and available in a number of capacities. I went for 32GB, partly because it should be ample for my needs, and it was on offer at the time. For the drives themselves, I didn't want to use just anything. They needed to be very rugged, reliable and have a reasonable capacity. For me that left 1 option: the [Corsair survivor stealth](https://www.corsair.com/uk/en/Categories/Products/Storage/USB-Drives/flash-survivor-stealth-config/p/CMFSS3B-512GB). It's both waterproof, shockproof, easily available, and available in a number of capacities. I went for 32GB, partly because it should be ample for my needs, and it was on offer at the time.