feat: allow backups to be encrypted with age (#432)

GPG is known to have usability issues and is generally cumbersome to use. age [0] is a modern alternative to GPG that is designed by a cryptographer that has worked and continues to work on Golang's crypto packages for years. Allowing age to be used to encrypt backups dramatically simplifies the backup process. [0]: https://age-encryption.org/
2025-12-24 09:41:12 +01:00 · 2024-08-19 16:49:49 -04:00
parent 74e065cbb9
commit 44ad3bbda2
12 changed files with 317 additions and 75 deletions
--- a/cmd/backup/config.go
+++ b/cmd/backup/config.go
@@ -48,6 +48,8 @@ type Config struct {
 	BackupSkipBackendsFromPrune   []string        `split_words:"true"`
 	GpgPassphrase                 string          `split_words:"true"`
 	GpgPublicKeyRing              string          `split_words:"true"`
+	AgePassphrase                 string          `split_words:"true"`
+	AgePublicKeys                 []string        `split_words:"true"`
 	NotificationURLs              []string        `envconfig:"NOTIFICATION_URLS"`
 	NotificationLevel             string          `split_words:"true" default:"error"`
 	EmailNotificationRecipient    string          `split_words:"true"`