romfast/roa2web-service-auto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f99ee2fd06083d50f0f73a3dd8a461a872e2067
roa2web-service-auto/secrets-backup/2025-11-11_14-46-50/README.md
Marius Mutu 53d108e7c8 Add encrypted production secrets backup (2025-11-11) 
Initial encrypted backup of all sensitive configuration files and SSH keys
for version control and disaster recovery.

Contents:
- backend/.env and .env.prod (development and production config)
- telegram-bot/.env and .env.prod (bot configuration)
- secrets/ directory (SSH keys for Oracle server access)

Encryption: AES-256-CBC with PBKDF2 using OpenSSL
Total: 5 encrypted items (4 files + 1 directory archive)
Backup date: 2025-11-11 14:46:50

⚠️ IMPORTANT: Decryption password required for restore
Password format: ROA2WEB_Backup_2024_Secure_Key_YYYYMMDD

To restore:
./scripts/restore-secrets.sh 2025-11-11_14-46-50

All files are safely encrypted and can be committed to git without
exposing sensitive credentials. Decryption password must be stored
separately in password manager.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 14:47:34 +02:00

71 lines
1.8 KiB
Markdown
Raw Blame History

# ROA2WEB Secrets Backup
**Date:** 2025-11-11_14-46-50
**Backed up files:** 5
**Encryption:** AES-256-CBC with PBKDF2
## Files in this backup:
### Environment Files:
- backend-.env.enc (encrypted)
- backend-.env.prod.enc (encrypted)
- telegram-bot-.env.enc (encrypted)
- telegram-bot-.env.prod.enc (encrypted)
### Directories:
- secrets.tar.enc (encrypted tar archive, 4 files)
## How to restore:
```bash
# Restore all files automatically:
./scripts/restore-secrets.sh 2025-11-11_14-46-50
# Or manually decrypt a single file:
openssl enc -aes-256-cbc -d -pbkdf2 -in backend-.env.enc -out .env
# When prompted, enter the encryption password
```
## Manual restore to specific location:
```bash
# Backend .env
openssl enc -aes-256-cbc -d -pbkdf2 \
-in backend-.env.enc \
-out ../../../reports-app/backend/.env
# Backend .env.prod
openssl enc -aes-256-cbc -d -pbkdf2 \
-in backend-.env.prod.enc \
-out ../../../reports-app/backend/.env.prod
# Telegram Bot .env
openssl enc -aes-256-cbc -d -pbkdf2 \
-in telegram-bot-.env.enc \
-out ../../../reports-app/telegram-bot/.env
# Telegram Bot .env.prod
openssl enc -aes-256-cbc -d -pbkdf2 \
-in telegram-bot-.env.prod.enc \
-out ../../../reports-app/telegram-bot/.env.prod
# Decrypt and extract secrets directory
openssl enc -aes-256-cbc -d -pbkdf2 -in secrets.tar.enc | \
tar -xf - -C ../../..
```
## Security Notes:
- Files encrypted with AES-256-CBC using OpenSSL
- Password-based encryption with PBKDF2 key derivation
- Keep the encryption password safe in your password manager
- Never commit decrypted .env files to git
## Password Storage Recommendation:
Store in password manager as:
- **Title:** ROA2WEB Secrets Backup Password
- **Type:** Secure Note or Password
- **Notes:** Encryption password for secrets-backup/2025-11-11_14-46-50
Reference in New Issue View Git Blame Copy Permalink