My understanding is that Duplicati encrypts volumes prior to uploading them to AWS S3. My question is though if my system dies and I need to restore data how do I decrypt the backups. Don’t i need to have copies of the keys Duplicati used to encrypt them with in the first place? Where are those stored?
In other words what do I need to backup so that in the event of a total system failure I can get my data back from S3 in an unencrypted format.
Currently Duplicati uses your passphrase, instead of an encryption key, when you use standard AES.
So there’s nothing to backup, you just plug in the url, login info, and your encryption passphrase and start restoring.
With PGP you’re relying on an your external PGP configuration, which will of course be a different story.
Thanks… that makes sense. I just didn’t realize thats how it was working.
No worries, I don’t think it’s stated explicitly anywhere.
And in fact if we implement [feature request] Changing volume encryption password · Issue #2991 · duplicati/duplicati · GitHub then there will be encryption keys.
Although they would also be backed up, so you still wouldn’t have to worry