
Security and permissions

Orsiris de Jong edited this page Jan 14, 2025 · 3 revisions

By design, the repository URI and repository passwords (as well as any other sensitive information) are encrypted in the configuration file.

While it is strongly advisable to use a write-only target (such as rest-server with the --append-only option, or an S3 server with specific rules), NPBackup assumes that the backup client might be hijacked, or that an end user shouldn't be able to restore files.

To meet the above constraints, NPBackup implements an optional password and permission system.

Manager Password

In order to protect the encrypted data, it is advised to set a manager password.
In the GUI, open the configuration interface, go to the destination tab, and use set permissions.
This will allow you to choose between 3 permission levels, and provide a password.

Once set, the password will be invisible in the configuration file.
Signs that the manager password is set are the manager password initialized indication in the GUI, or the is_protected: true parameter in the configuration file.

The manager password is set at repo level, but keep in mind that every manager password can decrypt any data in the same configuration file.

Permissions

Only when the manager password is set will the permissions be enforced. Existing permissions are:

  • full: Set by default, allows all including destructive operations
  • restore: Allows everything backup does plus restore, check and dump operations
  • backup: Allows backup and snapshot/object listing operations

CLI instructions

To set the manager password and permissions directly in the configuration file, edit the repo_uri value as follows:

repo_uri: <uri>, <permission>, <manager password>

# example
repo_uri: s3:https://some.path/some-bucket,restore,My!SecretPassword123

Once loaded, repo_uri will be encrypted, and permission / manager password won't be visible.
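
Until the file is loaded, a repo_uri written this way holds the manager password in clear text. The following audit sketch is an added example, not NPBackup code: it flags such lines and counts repos without is_protected: true. The names split_repo_uri and audit, the comma-splitting rule, the one-is_protected-per-repo assumption and the sample layout are all assumptions.

```python
import re

PERMISSIONS = ("full", "restore", "backup")  # the three levels this page lists
KEY_RE = re.compile(r"^\s*(repo_uri|is_protected)\s*:\s*(.*?)\s*$")

def split_repo_uri(value):
    """Split '<uri>, <permission>, <manager password>', or return None.

    Assumption: the first comma-separated field equal to a permission name
    ends the URI; everything after it is the password (commas included).
    """
    fields = value.split(",")
    for i in range(1, len(fields) - 1):
        password = ",".join(fields[i + 1:]).strip()
        if fields[i].strip() in PERMISSIONS and password:
            return ",".join(fields[:i]).strip(), fields[i].strip(), password
    return None

def audit(text):
    """Return (line_number, message) findings for one configuration file."""
    findings, repos, protected = [], 0, 0
    for number, line in enumerate(text.splitlines(), 1):
        match = KEY_RE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if key == "is_protected":
            protected += value.lower() == "true"
            continue
        repos += 1
        parsed = split_repo_uri(value)
        if parsed:  # report the permission only, never echo the password
            findings.append((number, f"plaintext manager password, permission '{parsed[1]}'"))
    # Assumption: each repo entry carries its own is_protected key once protected.
    if protected < repos:
        findings.append((0, f"{repos - protected} of {repos} repo(s) without is_protected: true"))
    return findings

# Constructed sample: the nesting and the placeholder value are illustrative.
SAMPLE = """\
repos:
  default:
    repo_uri: s3:https://some.path/some-bucket,restore,My!SecretPassword123
  archive:
    repo_uri: ENCRYPTED-VALUE-PLACEHOLDER
    is_protected: true
"""

if __name__ == "__main__":
    for number, message in audit(SAMPLE):
        print(number, message)
```

Line number 0 marks a file-level finding rather than a specific line.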