2025-01-11 10:00:31 +00:00
|
|
|
# changing password on restic repository
|
2024-08-19 06:55:14 +00:00
|
|
|
|
2025-01-11 10:00:31 +00:00
|
|
|
## config to use
|
2024-08-19 06:55:14 +00:00
|
|
|
|
2025-01-11 10:00:31 +00:00
|
|
|
To change the password add new-password-file to config.
|
2024-08-19 06:55:14 +00:00
|
|
|
|
2025-01-11 10:00:31 +00:00
|
|
|
```clojure
|
|
|
|
|
{:password-file "/restic-pwd"
|
|
|
|
|
:new-password-file "/new-restic-pwd"}
|
|
|
|
|
```
|
2024-08-19 06:55:14 +00:00
|
|
|
|
2025-01-11 10:00:31 +00:00
|
|
|
## restic: decide which password to choose
|
2024-08-19 06:55:14 +00:00
|
|
|
|
2025-01-11 10:00:31 +00:00
|
|
|
If there is a new-password-file defined, decide witch to use:
|
2024-08-19 06:55:14 +00:00
|
|
|
|
|
|
|
|
```mermaid
|
|
|
|
|
stateDiagram-v2
|
2025-01-11 10:00:31 +00:00
|
|
|
state new? <<choice>>
|
|
|
|
|
state "restic --password-file /new-pwd check" as check_new
|
|
|
|
|
state new_works? <<choice>>
|
|
|
|
|
|
|
|
|
|
[*] --> containsNewPassword?
|
|
|
|
|
containsNewPassword? --> new?
|
|
|
|
|
new? --> check_new: yes
|
|
|
|
|
new? --> use_old: no
|
|
|
|
|
check_new --> new_works?
|
|
|
|
|
new_works? --> use_new: yes
|
|
|
|
|
new_works? --> use_old: no
|
2024-08-19 06:55:14 +00:00
|
|
|
```
|
|
|
|
|
|
2025-01-11 10:00:31 +00:00
|
|
|
# Process to change password in k8s
|
2024-08-19 06:55:14 +00:00
|
|
|
|
|
|
|
|
```mermaid
|
|
|
|
|
sequenceDiagram
|
2025-01-11 10:00:31 +00:00
|
|
|
actor d as DevOps
|
|
|
|
|
participant s as BackupSecret
|
|
|
|
|
participant a as ApplicationDeployment
|
|
|
|
|
participant b as BackupDeployment
|
|
|
|
|
|
|
|
|
|
d ->> s: add new-password-file
|
|
|
|
|
d ->> a: scale down
|
|
|
|
|
d ->> b: scale up
|
|
|
|
|
d ->> b: shell into
|
|
|
|
|
activate b
|
|
|
|
|
b ->> b: call change password
|
|
|
|
|
deactivate b
|
|
|
|
|
d ->> s: replace password-file with new-password-file
|
|
|
|
|
d ->> b: scale down
|
|
|
|
|
d ->> a: scale up
|
|
|
|
|
```
|
