Generate a new bupstash sub key with lesser
capabilities derived from a bupstash key.
bupstash new-sub-key -k KEY -o SUB_KEY
bupstash new-sub-key creates a new bupstash key capable of
a subset of the operations of a main key.
Capabilities are any of 'put', 'list' and 'list-contents'. Put
keys can create new backups, list keys can decrypt tags and other metadata,
while 'list-contents' keys can list the contents of tarballs created by 'bupstash put'.
A typical use of a list only key would be to allow a cron job to rotate old backups by
their search tags, without exposing the data decryption key.
The generated key will be marked readable only for the creating user.
If a sub-key is lost, the original key will still be able to decrypt any data in the repository
encrypted by that sub-key.
- -k, --key PATH
- Key to derive the new sub-key from.
- -o, --output PATH
- Path to where the sub-key will be written.
- The key is able to encrypt data for 'put' operations.
- The key will be able to decrypt metadata and perform queries.
- The key will be able to list item contents with 'list-contents' (implies --list).
Create a new put only key
$ bupstash new-sub-key --put -k backups.key -o ./put.key
$ bupstash put -k ./backups-put.key ./data
Create a new listing key
$ bupstash new-sub-key -k ./backups.key -o ./list.key --list
$ bupstash list -k ./list.key
Create a new content listing key
$ bupstash new-sub-key -k ./backups.key -o ./list-contents.key --list-contents
$ bupstash list-contents -k ./list-contents.key name=some-backup.tar