# ROA2WEB Secrets Backup **Date:** 2025-11-11_14-46-50 **Backed up files:** 5 **Encryption:** AES-256-CBC with PBKDF2 ## Files in this backup: ### Environment Files: - backend-.env.enc (encrypted) - backend-.env.prod.enc (encrypted) - telegram-bot-.env.enc (encrypted) - telegram-bot-.env.prod.enc (encrypted) ### Directories: - secrets.tar.enc (encrypted tar archive, 4 files) ## How to restore: ```bash # Restore all files automatically: ./scripts/restore-secrets.sh 2025-11-11_14-46-50 # Or manually decrypt a single file: openssl enc -aes-256-cbc -d -pbkdf2 -in backend-.env.enc -out .env # When prompted, enter the encryption password ``` ## Manual restore to specific location: ```bash # Backend .env openssl enc -aes-256-cbc -d -pbkdf2 \ -in backend-.env.enc \ -out ../../../reports-app/backend/.env # Backend .env.prod openssl enc -aes-256-cbc -d -pbkdf2 \ -in backend-.env.prod.enc \ -out ../../../reports-app/backend/.env.prod # Telegram Bot .env openssl enc -aes-256-cbc -d -pbkdf2 \ -in telegram-bot-.env.enc \ -out ../../../reports-app/telegram-bot/.env # Telegram Bot .env.prod openssl enc -aes-256-cbc -d -pbkdf2 \ -in telegram-bot-.env.prod.enc \ -out ../../../reports-app/telegram-bot/.env.prod # Decrypt and extract secrets directory openssl enc -aes-256-cbc -d -pbkdf2 -in secrets.tar.enc | \ tar -xf - -C ../../.. ``` ## Security Notes: - Files encrypted with AES-256-CBC using OpenSSL - Password-based encryption with PBKDF2 key derivation - Keep the encryption password safe in your password manager - Never commit decrypted .env files to git ## Password Storage Recommendation: Store in password manager as: - **Title:** ROA2WEB Secrets Backup Password - **Type:** Secure Note or Password - **Notes:** Encryption password for secrets-backup/2025-11-11_14-46-50