dda-backup/infrastructure/backup/doc/backup_dev_notes.md
2025-01-11 11:00:31 +01:00

50 lines
1.1 KiB
Markdown

# changing password on restic repository
## config to use
To change the password add new-password-file to config.
```clojure
{:password-file "/restic-pwd"
:new-password-file "/new-restic-pwd"}
```
## restic: decide which password to choose
If there is a new-password-file defined, decide witch to use:
```mermaid
stateDiagram-v2
state new? <<choice>>
state "restic --password-file /new-pwd check" as check_new
state new_works? <<choice>>
[*] --> containsNewPassword?
containsNewPassword? --> new?
new? --> check_new: yes
new? --> use_old: no
check_new --> new_works?
new_works? --> use_new: yes
new_works? --> use_old: no
```
# Process to change password in k8s
```mermaid
sequenceDiagram
actor d as DevOps
participant s as BackupSecret
participant a as ApplicationDeployment
participant b as BackupDeployment
d ->> s: add new-password-file
d ->> a: scale down
d ->> b: scale up
d ->> b: shell into
activate b
b ->> b: call change password
deactivate b
d ->> s: replace password-file with new-password-file
d ->> b: scale down
d ->> a: scale up
```