On 18/03/2022 00:07, Colin Percival wrote:

On 3/17/22 08:17, Arthur Chance wrote:

Is it possible to invalidate an existing tarsnap key so it cannot be
used in future. I have a key for a decommissioned machine so it's no
longer needed and hypothetically it could be used for DoS attack (by
creating bogus archives and draining the account funds). Obviously this
is impossible unless the key leaks somehow, but operational paranoia
would suggest invalidating it would be a good idea.

The API for disabling keys is "send Colin an email". ;-)

So API = Application Programmer's Initiative. :-)

use Tarsnap for my critical data. Case in point, I use it to backup my Bacula database dump. I use Bacula to backup my hosts. The database in question keeps track of what was backed up, from what host, the file size, checksum, where that backup is now, and many other items. Losing this data is annoying but not a disaster. It can be recreated from the backup volumes, but that is time consuming. As it is, the file is dumped daily, and rsynced to multiple locations.

I also backup that database daily via tarsnap. I’ve been doing this since at least 2015-10-09.

The uncompressed dump of this PostgreSQL database is now about 117G.