diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md
index 4fb1d36..2e4b10e 100644
--- a/doc/BackupAndRestore.md
+++ b/doc/BackupAndRestore.md
@@ -9,16 +9,12 @@
## Manual backup
-1. Scale Cloud deployment down:
- `kubectl -n nextcloud scale deployment cloud-deployment --replicas=0`
1. Scale backup-restore deployment up:
`kubectl -n nextcloud scale deployment backup-restore --replicas=1`
-1. exec into pod and execute restore pod
+2. exec into pod and execute restore pod
`kubectl -n nextcloud exec -it backup-restore -- backup.bb`
-1. Scale backup-restore deployment down:
+3. Scale backup-restore deployment down:
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
-1. Scale Cloud deployment up:
- `kubectl -n nextcloud scale deployment cloud-deployment --replicas=1`
## Manual restore
@@ -32,3 +28,40 @@
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
5. Scale Cloud deployment up:
`kubectl -n nextcloud scale deployment cloud-deployment --replicas=1`
+
+## Change Password
+
+1. Apply restic-new-password to secret & backup deployment
+ ```
+ kind: Deployment
+ metadata:
+ name: backup-restore
+ spec:
+ spec:
+ containers:
+ - name: backup-app
+ env:
+ - name: RESTIC_NEW_PASSWORD_FILE
+ value: /var/run/secrets/backup-secrets/restic-new-password
+ ---
+ kind: Secret
+ metadata:
+ name: backup-secret
+ data:
+ restic-password: old
+ restic-new-password: new
+ ```
+2. Scale backup-restore deployment up:
+ `kubectl -n nextcloud scale deployment backup-restore --replicas=1`
+3. exec into pod and execute restore pod
+ `kubectl -n nextcloud exec -it backup-restore -- change-password.bb`
+4. Scale backup-restore deployment down:
+ `kubectl -n nextcloud scale deployment backup-restore --replicas=0`
+5. Replace restic-password with restic-new-password in secret
+ ```
+ kind: Secret
+ metadata:
+ name: backup-secret
+ data:
+ restic-password: new
+ ```
diff --git a/infrastructure/backup/image/resources/install.bb b/infrastructure/backup/image/resources/install.bb
index 49f6429..9ae0e86 100755
--- a/infrastructure/backup/image/resources/install.bb
+++ b/infrastructure/backup/image/resources/install.bb
@@ -11,6 +11,7 @@
(in/install! "backup.bb")
(in/install! "restore.bb")
(in/install! "list-snapshots.bb")
+(in/install! "change-password.bb")
(in/install! "start-maintenance.sh")
(in/install! "end-maintenance.sh")
(in/install! "restore.bb")
diff --git a/src/main/resources/backup/cron.yaml b/src/main/resources/backup/cron.yaml
index d1ae3fc..a7c1cad 100644
--- a/src/main/resources/backup/cron.yaml
+++ b/src/main/resources/backup/cron.yaml
@@ -53,8 +53,6 @@ spec:
key: restic-repository
- name: RESTIC_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-password
- - name: RESTIC_NEW_PASSWORD_FILE
- value: /var/run/secrets/backup-secrets/restic-new-password
volumeMounts:
- name: cloud-data-volume
mountPath: /var/backups
diff --git a/src/test/cljc/dda/c4k_nextcloud/backup_test.cljc b/src/test/cljc/dda/c4k_nextcloud/backup_test.cljc
index e3ca309..87ce4cc 100644
--- a/src/test/cljc/dda/c4k_nextcloud/backup_test.cljc
+++ b/src/test/cljc/dda/c4k_nextcloud/backup_test.cljc
@@ -85,8 +85,7 @@
{:name "AWS_ACCESS_KEY_ID_FILE", :value "/var/run/secrets/backup-secrets/aws-access-key-id"}
{:name "AWS_SECRET_ACCESS_KEY_FILE", :value "/var/run/secrets/backup-secrets/aws-secret-access-key"}
{:name "RESTIC_REPOSITORY", :valueFrom {:configMapKeyRef {:name "backup-config", :key "restic-repository"}}}
- {:name "RESTIC_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-password"}
- {:name "RESTIC_NEW_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-new-password"}]
+ {:name "RESTIC_PASSWORD_FILE", :value "/var/run/secrets/backup-secrets/restic-password"}]
:volumeMounts
[{:name "cloud-data-volume", :mountPath "/var/backups"}
{:name "backup-secret-volume", :mountPath "/var/run/secrets/backup-secrets", :readOnly true}