diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 44535cf20e26096d83646c2499a7dc596a8b1151..02a79f5392287ad4e22ff6be7f7aa5e91d490859 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1525,13 +1525,22 @@ Duply is configured as follows: Parameters ~~~~~~~~~~ +**backup_additional_encryption_keys** (list, optional, ``[]``) + List of additional identifiers of encryption keys used for backup + operation. Listed encryption keys must be present in the backup keyring - only + the public key is used. These additional keys are useful in cases where the + backups should be decryptable with some master key in addition to + server-specific key. + **backup_client_username** (string, optional, ``bak-{{ ansible_fqdn | replace('.', '_') }}``) Username for connecting to the backup server via SFTP. -**backup_encryption_keys** (list, mandatory) - List of key identifiers for encryption keys used for backup operation. Listed - encryption keys must be part of the backup keyring. It is sufficient (and - recommended) to include only the public keys. +**backup_encryption_key** (string, optional, ``{{ ansible_fqdn }}``) + Identifier of encryption key used for the backup operations. Specified key + must be present in the backup keyring, both private and public + counterpart. This is normally host-specified encryption key that is + distributed to destination server and that can be also used for the restore + operations (for data decryption). **backup_gnupg_keyring** (string, optional, ``{{ inventory_dir }}/backup_keyring``) Path to the directory on *controller* machine (where Ansible is executed) 
@@ -1572,12 +1581,17 @@ plugin is quite useful here for fetching key values from some local directory): .. code-block:: yaml - role: backup_client - backup_encryption_keys: - - "my_secret_key" + backup_additional_encryption_keys: "my_key" + backup_client_username: "user" + backup_encryption_key: "host_enc_key" + backup_gnupg_keyring: "/home/admin/.gnupg" backup_server: "backup.example.com" + backup_server_destination: "//example/host" backup_server_host_ssh_public_keys: - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}" - - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}" - - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}" - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}" + - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}" + - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}" + backup_server_port: 22 + backup_signing_key: "host_enc_key" backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/web.example.com') }}"
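Review bot: In the first hunk (Parameters), the new backup_encryption_key entry requires "both private and public counterpart" in the keyring and says the key is "distributed to destination server", but it never says which machine "destination server" is. The removed backup_encryption_keys text recommended including only public keys, so this reverses the earlier guidance. Please state whether the private key ends up on the host being backed up or on the backup server, and spell out that the private key then resides on that machine. The change from a mandatory list (backup_encryption_keys) to an optional string (backup_encryption_key) also breaks existing playbooks that set the old name, so a migration note belongs next to this entry. Minor wording: "host-specified encryption key" reads as if it should be "host-specific", matching "server-specific key" in the entry above.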
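Review bot: In the second hunk (the example under code-block:: yaml), backup_additional_encryption_keys is given as the scalar "my_key", while this same patch documents the parameter as a list with default []. Write it as a one-item YAML list (- "my_key") so the example matches the documented type and does not depend on how the role treats a string where a list is expected. The example also sets backup_gnupg_keyring to "/home/admin/.gnupg" although the documented default is {{ inventory_dir }}/backup_keyring. Since backup_encryption_key now needs its private key in that keyring, a dedicated keyring directory would be a safer value to show than an administrator's personal GnuPG home.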