diff --git a/secrets-backup/2025-11-11_14-46-50/README.md b/secrets-backup/2025-11-11_14-46-50/README.md new file mode 100644 index 0000000..ffcd544 --- /dev/null +++ b/secrets-backup/2025-11-11_14-46-50/README.md @@ -0,0 +1,70 @@ +# ROA2WEB Secrets Backup + +**Date:** 2025-11-11_14-46-50 +**Backed up files:** 5 +**Encryption:** AES-256-CBC with PBKDF2 + +## Files in this backup: + +### Environment Files: +- backend-.env.enc (encrypted) +- backend-.env.prod.enc (encrypted) +- telegram-bot-.env.enc (encrypted) +- telegram-bot-.env.prod.enc (encrypted) + +### Directories: +- secrets.tar.enc (encrypted tar archive, 4 files) + +## How to restore: + +```bash +# Restore all files automatically: +./scripts/restore-secrets.sh 2025-11-11_14-46-50 + +# Or manually decrypt a single file: +openssl enc -aes-256-cbc -d -pbkdf2 -in backend-.env.enc -out .env + +# When prompted, enter the encryption password +``` + +## Manual restore to specific location: + +```bash +# Backend .env +openssl enc -aes-256-cbc -d -pbkdf2 \ + -in backend-.env.enc \ + -out ../../../reports-app/backend/.env + +# Backend .env.prod +openssl enc -aes-256-cbc -d -pbkdf2 \ + -in backend-.env.prod.enc \ + -out ../../../reports-app/backend/.env.prod + +# Telegram Bot .env +openssl enc -aes-256-cbc -d -pbkdf2 \ + -in telegram-bot-.env.enc \ + -out ../../../reports-app/telegram-bot/.env + +# Telegram Bot .env.prod +openssl enc -aes-256-cbc -d -pbkdf2 \ + -in telegram-bot-.env.prod.enc \ + -out ../../../reports-app/telegram-bot/.env.prod + +# Decrypt and extract secrets directory +openssl enc -aes-256-cbc -d -pbkdf2 -in secrets.tar.enc | \ + tar -xf - -C ../../.. +``` + +## Security Notes: + +- Files encrypted with AES-256-CBC using OpenSSL +- Password-based encryption with PBKDF2 key derivation +- Keep the encryption password safe in your password manager +- Never commit decrypted .env files to git + +## Password Storage Recommendation: + +Store in password manager as: +- **Title:** ROA2WEB Secrets Backup Password +- **Type:** Secure Note or Password +- **Notes:** Encryption password for secrets-backup/2025-11-11_14-46-50 diff --git a/secrets-backup/2025-11-11_14-46-50/backend-.env.enc b/secrets-backup/2025-11-11_14-46-50/backend-.env.enc new file mode 100644 index 0000000..bcf9f5d Binary files /dev/null and b/secrets-backup/2025-11-11_14-46-50/backend-.env.enc differ diff --git a/secrets-backup/2025-11-11_14-46-50/backend-.env.prod.enc b/secrets-backup/2025-11-11_14-46-50/backend-.env.prod.enc new file mode 100644 index 0000000..c1d16c8 Binary files /dev/null and b/secrets-backup/2025-11-11_14-46-50/backend-.env.prod.enc differ diff --git a/secrets-backup/2025-11-11_14-46-50/secrets.tar.enc b/secrets-backup/2025-11-11_14-46-50/secrets.tar.enc new file mode 100644 index 0000000..e459e27 Binary files /dev/null and b/secrets-backup/2025-11-11_14-46-50/secrets.tar.enc differ diff --git a/secrets-backup/2025-11-11_14-46-50/telegram-bot-.env.enc b/secrets-backup/2025-11-11_14-46-50/telegram-bot-.env.enc new file mode 100644 index 0000000..1a03774 Binary files /dev/null and b/secrets-backup/2025-11-11_14-46-50/telegram-bot-.env.enc differ diff --git a/secrets-backup/2025-11-11_14-46-50/telegram-bot-.env.prod.enc b/secrets-backup/2025-11-11_14-46-50/telegram-bot-.env.prod.enc new file mode 100644 index 0000000..be1f59e Binary files /dev/null and b/secrets-backup/2025-11-11_14-46-50/telegram-bot-.env.prod.enc differ