mirror of
https://github.com/restic/restic.git
synced 2025-12-16 00:42:46 +00:00
Merge pull request #2398 from DanielG/b2-hide-file
b2: Fallback to b2_hide_file when delete returns unauthorized
This commit is contained in:
Michael Eischer
19
changelog/unreleased/issue-2134
Normal file
19
changelog/unreleased/issue-2134
Normal file
@@ -0,0 +1,19 @@
|
||||
Enhancement: Support B2 API keys restricted to hiding but not deleting files
|
||||
|
||||
When the B2 backend does not have the necessary permissions to permanently
|
||||
delete files, it now automatically falls back to hiding files. This allows
|
||||
using restic with an application key which is not allowed to delete files.
|
||||
This prevents an attacker to delete backups with the API key used by restic.
|
||||
|
||||
To use this feature create an application key without the deleteFiles
|
||||
capability. It is recommended to restrict the key to just one bucket.
|
||||
For example using the b2 command line tool:
|
||||
|
||||
b2 create-key --bucket <bucketName> <keyName> listBuckets,readFiles,writeFiles,listFiles
|
||||
|
||||
Alternatively, you can use the S3 backend to access B2, as described
|
||||
in the documentation. In this mode, files are also only hidden instead
|
||||
of being deleted permanently.
|
||||
|
||||
https://github.com/restic/restic/issues/2134
|
||||
https://github.com/restic/restic/pull/2398
|
||||
Reference in New Issue
Block a user