Marius Mutu
53d108e7c8
Initial encrypted backup of all sensitive configuration files and SSH keys for version control and disaster recovery. Contents: - backend/.env and .env.prod (development and production config) - telegram-bot/.env and .env.prod (bot configuration) - secrets/ directory (SSH keys for Oracle server access) Encryption: AES-256-CBC with PBKDF2 using OpenSSL Total: 5 encrypted items (4 files + 1 directory archive) Backup date: 2025-11-11 14:46:50 ⚠️ IMPORTANT: Decryption password required for restore Password format: ROA2WEB_Backup_2024_Secure_Key_YYYYMMDD To restore: ./scripts/restore-secrets.sh 2025-11-11_14-46-50 All files are safely encrypted and can be committed to git without exposing sensitive credentials. Decryption password must be stored separately in password manager. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
ROA2WEB Secrets Backup
Date: 2025-11-11_14-46-50 Backed up files: 5 Encryption: AES-256-CBC with PBKDF2
Files in this backup:
Environment Files:
- backend-.env.enc (encrypted)
- backend-.env.prod.enc (encrypted)
- telegram-bot-.env.enc (encrypted)
- telegram-bot-.env.prod.enc (encrypted)
Directories:
- secrets.tar.enc (encrypted tar archive, 4 files)
How to restore:
# Restore all files automatically:
./scripts/restore-secrets.sh 2025-11-11_14-46-50
# Or manually decrypt a single file:
openssl enc -aes-256-cbc -d -pbkdf2 -in backend-.env.enc -out .env
# When prompted, enter the encryption password
Manual restore to specific location:
# Backend .env
openssl enc -aes-256-cbc -d -pbkdf2 \
-in backend-.env.enc \
-out ../../../reports-app/backend/.env
# Backend .env.prod
openssl enc -aes-256-cbc -d -pbkdf2 \
-in backend-.env.prod.enc \
-out ../../../reports-app/backend/.env.prod
# Telegram Bot .env
openssl enc -aes-256-cbc -d -pbkdf2 \
-in telegram-bot-.env.enc \
-out ../../../reports-app/telegram-bot/.env
# Telegram Bot .env.prod
openssl enc -aes-256-cbc -d -pbkdf2 \
-in telegram-bot-.env.prod.enc \
-out ../../../reports-app/telegram-bot/.env.prod
# Decrypt and extract secrets directory
openssl enc -aes-256-cbc -d -pbkdf2 -in secrets.tar.enc | \
tar -xf - -C ../../..
Security Notes:
- Files encrypted with AES-256-CBC using OpenSSL
- Password-based encryption with PBKDF2 key derivation
- Keep the encryption password safe in your password manager
- Never commit decrypted .env files to git
Password Storage Recommendation:
Store in password manager as:
- Title: ROA2WEB Secrets Backup Password
- Type: Secure Note or Password
- Notes: Encryption password for secrets-backup/2025-11-11_14-46-50