I was trying to get my head around using the private/public master key pair via the proxmox-backup-client. Inspired by this post and grasgruen.it's script in it, I wanted to simultaneously create an easy-to-use and fast way to restore the latest file-level-backup of a given host.
This is the result, in case somebody else may find it useful:
Bash:
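#!/bin/bash
# abort on errors, unset variables and failed pipeline stages
set -euo pipefail
#########################
# Credentials #
#########################
export PBS_REPOSITORY=Restores@pbs@pbs.example.com:tank
# the password is stored in clear text here, so keep this file readable by its owner only
export PBS_PASSWORD=InsertPasswordHere
#########################
# Variables #
#########################
namespace=External
group="$(hostname)/"
target_directory=/path/to/target/directory
master_private=/path/to/private/master/key
# private scratch directory instead of a predictable file name in /tmp
workdir=$(mktemp -d)
encrypted_key="$workdir/rsa-encrypted.key"
#########################
# Cleanup #
#########################
# remove the scratch directory on every exit path, including errors
trap 'rm -rf "$workdir"' EXIT
#########################
# Execution #
#########################
# get latest snapshot of group
# (the leading "/" keeps e.g. "web1/" from also matching "myweb1/")
latest_snapshot=$(proxmox-backup-client snapshot list --ns "$namespace" | awk '{print $2}' | grep -F -- "/$group" | sort -t/ -k2,2 -k3,3r | sort -u -t/ -k2,2 || true)
if [ -z "$latest_snapshot" ]; then
    echo "No snapshot found for group $group in namespace $namespace" >&2
    exit 1
fi
# restore rsa-encrypted.key
proxmox-backup-client restore \
"$latest_snapshot" \
rsa-encrypted.key \
"$encrypted_key" \
--ns "$namespace"
# decrypt rsa-encrypted.key and set resulting encryption-key.json to new default
# (--kdf=none stores the key without a passphrase; it stays in place after the script ends)
proxmox-backup-client key import-with-master-key ~/.config/proxmox-backup/encryption-key.json \
--master-keyfile "$master_private" \
--encrypted-keyfile "$encrypted_key" \
--kdf=none
# get filename of archive (index.json lists it as <name>.pxar.didx; restore expects <name>.pxar)
archive_name=$(proxmox-backup-client restore --ns "$namespace" "$latest_snapshot" index.json - | grep "pxar" | awk '{print $2}' | awk -F'[ |.]' '{print $1,".",$2}' | tr -d '" ')
# perform restore
proxmox-backup-client restore \
"$latest_snapshot" \
"$archive_name" \
"$target_directory" \
--ns "$namespace"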
I'm not too versed in the dark scripting arts, so constructive feedback would be much appreciated.
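An added example, not part of the original post: the two text-parsing steps of the script written as functions that match the backup group exactly and can be checked offline. The function names and all sample data are constructed for illustration; it assumes, as the script's pipelines do, that the snapshot name is the second column of the listing and that index.json has one file entry per line.

```bash
#!/bin/bash
# Added example (not the poster's code). All sample data below is constructed.

# latest_snapshot TYPE ID: reads a snapshot listing on stdin (snapshot name in
# column 2, as the script's awk '{print $2}' assumes) and prints the newest
# TYPE/ID/TIMESTAMP. Returns 1 when the group has no snapshot.
latest_snapshot() {
    awk -v type="$1" -v id="$2" '
        {
            n = split($2, part, "/")
            # Compare as strings and exactly, so "web1" never matches "myweb1".
            if (n == 3 && (part[1] "") == (type "") && (part[2] "") == (id "")) {
                # Equal-width RFC 3339 UTC timestamps order correctly as strings.
                if ((part[3] "") > (best "")) best = part[3]
            }
        }
        END {
            if (best == "") exit 1
            print type "/" id "/" best
        }'
}

# pxar_archives: reads index.json on stdin (one file entry per line) and prints
# each archive name with the .didx suffix removed, one per line.
pxar_archives() {
    sed -n 's/.*"filename"[[:space:]]*:[[:space:]]*"\([^"]*\.pxar\)\.didx".*/\1/p'
}

sample_listing() {   # constructed, not real client output
    cat <<'EOF'
│ host/myweb1/2024-03-09T02:00:11Z │ 1.2 GiB │ index.json root.pxar │
│ host/web1/2024-02-28T02:00:07Z   │ 3.1 GiB │ index.json root.pxar │
│ host/web1/2024-03-01T02:00:09Z   │ 3.1 GiB │ index.json etc.pxar root.pxar │
│ host/web10/2024-03-05T02:00:10Z  │ 0.9 GiB │ index.json root.pxar │
EOF
}

sample_manifest() {  # constructed; only the fields used here
    cat <<'EOF'
{ "files": [
    { "filename": "etc.pxar.didx", "size": 1024 },
    { "filename": "root.pxar.didx", "size": 4096 } ] }
EOF
}
```

A snapshot with several pxar archives yields several lines from `pxar_archives`, so a caller has to loop over them instead of passing the result to a single restore call.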