From 3bc3a0cd7e566f068323b73807c1e30d565a3c1c Mon Sep 17 00:00:00 2001 From: Mirco Date: Fri, 5 Apr 2024 11:55:57 +0200 Subject: [PATCH] Statemachine credRot devnotes --- infrastructure/backup/doc/backup_dev_notes.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 infrastructure/backup/doc/backup_dev_notes.md diff --git a/infrastructure/backup/doc/backup_dev_notes.md b/infrastructure/backup/doc/backup_dev_notes.md new file mode 100644 index 0000000..69e0033 --- /dev/null +++ b/infrastructure/backup/doc/backup_dev_notes.md @@ -0,0 +1,36 @@ +## Init Statemachine + +### Inputs +1. `restic-password: ""` +2. `restic-password-to-rotate: ""` + +### Manual init the restic repository for the first time + +1. apply backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=1` +2. exec into pod and execute restore pod (press tab to get your exact pod name) + `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh` +3. remove backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=0` + +### Password Rotation + +1. apply backup-and-restore pod: + `kubectl scale deployment backup-restore --replicas=1` +2. add new password to restic repository + `restic key add ....` + => Trigger :: + field (1) credential current + filed (2) credential new +3. replace field (1) with (2) & clear (2) +4. remove old key - ??? +`restic remove ....` + + +```mermaid +stateDiagram-v2 + [*] --> init + init --> backup_ready: trigger, restic-password !empty + backup_ready --> new_password_added: restic-password !empty && restic-password-to-rotate !empty + new_password_added --> backup_ready: restic-password !empty && restic-password-to-rotate empty +```
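Review bot: In the Password Rotation section, step 4 is still a placeholder (`remove old key - ???` followed by `restic remove ....`), so the documented procedure ends with the old password still able to open the repository. restic manages repository keys under the `key` subcommand (`restic key list`, `restic key remove <ID>`), so the step should name that command and say how the ID of the old key is identified. The state diagram has the same gap: `new_password_added --> backup_ready` fires as soon as `restic-password-to-rotate` is empty, with no state or condition confirming that the old key was removed; consider adding one. Step 3 clears field (2) before step 4 runs, so the notes should also state which password authenticates the removal. Smaller points: `filed (2)` should read `field (2)`; the Inputs list does not say whether `restic-password-to-rotate` holds the current or the new credential (step 2 suggests the new one, the name suggests the old one); and step 2 of the manual init says "execute restore pod" while the command runs `init.sh`.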