paradux
paradux copied to clipboard
paradux
Paradux: recover from maximum data disaster
If the recovery key gets regenerated at some point, stewards cannot distinguish between the "old" and the "new" recovery sheet. Choices: * use time stamp when the recovery secret was...
Take a look at what's in `paradux.datatransfer`, and implement an `s3.py` similarly to the existing implementations. Simply creating the file in that folder should let paradux discover it.
After #12 is implemented, after the configuration image has been updated, right after unmount, we should automatically upload the image to the defined configuration locations, so its backups remain current.
There are a bunch of FIXME placeholders, e.g. for credentials. At the very minimum, we need to check for syntactic and semantic correctness.
We don't want to write any secrets to disk. But the way `cryptsetup` works, it appears impossible to make it do what we want it to do without providing some...
Damned if you do, and damned if you don't (log the secret). So the compromise is the prominently warn the user and perhaps ask their consent before doing that. Implement...
Would be cool ... could be paradux writing to a password manager with an API, or the password manager writing to paradux, or ...
Instead of having pairs of files (e.g. `stewards.json` and `stewards.temp.json`) we could put those files into git, and keep the entire version history around. A checked-out file would only be...
RIght now `recover` requires that the user specify a JSON file with the recovery info. That's not practical for things other than development. Implement an alternate that allows text input,...
Currently commented out in the code.