borg-key-export - Export the repository key for backup
borg [common options] key export [options] [PATH]
If repository encryption is used, the repository is inaccessible without the
key. This command allows one to back up this essential key. Note that the
backup produced does not include the passphrase itself (i.e. the exported key
stays encrypted). In order to regain access to a repository, one needs both
the exported key and the original passphrase.
There are three backup formats. The normal backup format is suitable for digital
storage as a file. The
--paper backup format is optimized for printing
and typing in while importing, with per line checks to reduce problems with
manual input. The
--qr-html creates a printable HTML template with a QR
code and a copy of the
--paper-formatted key.
For repositories using keyfile encryption the key is saved locally on the system
that is capable of doing backups. To guard against loss of this key, the key
needs to be backed up independently of the main data backup.
For repositories using the repokey encryption the key is saved in the repository
in the config file. A backup is thus not strictly needed, but guards against
the repository becoming inaccessible if the file is damaged for some reason.
Examples:
borg key export /path/to/repo > encrypted-key-backup
borg key export --paper /path/to/repo > encrypted-key-backup.txt
borg key export --qr-html /path/to/repo > encrypted-key-backup.html
# Or pass the output file as an argument instead of redirecting stdout:
borg key export /path/to/repo encrypted-key-backup
borg key export --paper /path/to/repo encrypted-key-backup.txt
borg key export --qr-html /path/to/repo encrypted-key-backup.html
See
borg-common(1) for common options of Borg commands.
- PATH
- where to store the backup
- --paper
- Create an export suitable for printing and later
type-in
- --qr-html
- Create an html file suitable for printing and later type-in
or qr scan
borg-common(1),
borg-key-import(1)
The Borg Collective