From 8cee3b0043eda68d982e5359a0d009c83cbb85c4 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 25 Dec 2022 22:45:05 +0100
Subject: Update prod secret files

---
 cluster/prod/app/backup/secrets.toml | 52 +++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 25 deletions(-)

(limited to 'cluster/prod/app/backup/secrets.toml')

diff --git a/cluster/prod/app/backup/secrets.toml b/cluster/prod/app/backup/secrets.toml
index 5d2b851..91794ae 100644
--- a/cluster/prod/app/backup/secrets.toml
+++ b/cluster/prod/app/backup/secrets.toml
@@ -40,51 +40,53 @@ description = 'Backup AWS access key ID'
 
 # Postgresql backup
 
-[secrets."backup/psql/aws_secret_access_key"]
-type = 'user'
-description = 'Minio secret key'
-
-[secrets."backup/psql/aws_access_key_id"]
+[secrets."postgres/backup/aws_access_key_id"]
 type = 'user'
 description = 'Minio access key'
 
-[secrets."backup/psql/crypt_public_key"]
+[secrets."postgres/backup/aws_secret_access_key"]
 type = 'user'
-description = 'A public key to encypt backups with age'
+description = 'Minio secret key'
 
-[secrets."backup/psql/crypt_private_key"]
+[secrets."postgres/backup/crypt_public_key"]
 type = 'user'
-description = 'a private key to decript backups from age'
+description = 'A public key to encypt backups with age'
 
 
-# SSH target config (do we still use this?)
+# Plume backup
 
-[secrets."backup/target_ssh_host"]
+[secrets."plume/backup_restic_repository"]
 type = 'user'
-description = 'Hostname of the backup target host'
+description = 'Restic repository'
+example = 's3:https://s3.garage.tld'
 
-[secrets."backup/target_ssh_port"]
+[secrets."plume/backup_restic_password"]
 type = 'user'
-description = 'SSH port number to connect to the target host'
+description = 'Restic password to encrypt backups'
 
-[secrets."backup/target_ssh_dir"]
+[secrets."plume/backup_aws_secret_access_key"]
 type = 'user'
-description = 'Directory where to store backups on target host'
+description = 'Backup AWS secret access key'
 
-[secrets."backup/target_ssh_user"]
+[secrets."plume/backup_aws_access_key_id"]
 type = 'user'
-description = 'SSH username to log in as on the target host'
+description = 'Backup AWS access key ID'
 
-[secrets."backup/target_ssh_fingerprint"]
+
+# Dovecot backup
+
+[secrets."email/dovecot/backup_restic_password"]
 type = 'user'
-description = 'SSH fingerprint of the target machine (format: copy here the corresponding line from your known_hosts file)'
+description = 'Restic backup password to encrypt data'
 
-[secrets."backup/id_ed25519"]
+[secrets."email/dovecot/backup_aws_secret_access_key"]
 type = 'user'
-multiline = true
-description = 'Private ed25519 key of the container doing the backup'
+description = 'AWS Secret Access key'
 
-[secrets."backup/id_ed25519.pub"]
+[secrets."email/dovecot/backup_restic_repository"]
 type = 'user'
-description = 'Public ed25519 key of the container doing the backup (this key must be in authorized_keys on the backup target host)'
+description = 'Restic Repository URL, check op_guide/backup-minio to see the format'
 
+[secrets."email/dovecot/backup_aws_access_key_id"]
+type = 'user'
+description = 'AWS Acces Key ID'
-- 
cgit v1.2.3