From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH backup 5/5] docs: client: add section about system credentials
Date: Wed, 26 Mar 2025 15:26:09 +0100 [thread overview]
Message-ID: <20250326142609.399793-6-m.sandoval@proxmox.com> (raw)
In-Reply-To: <20250326142609.399793-1-m.sandoval@proxmox.com>
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
docs/backup-client.rst | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/docs/backup-client.rst b/docs/backup-client.rst
index e11c0142a..aea63bd1f 100644
--- a/docs/backup-client.rst
+++ b/docs/backup-client.rst
@@ -44,6 +44,9 @@ user\@pbs!token@host:store ``user@pbs!token`` host:8007 store
[ff80::51]:1234:mydatastore ``root@pam`` [ff80::51]:1234 mydatastore
================================ ================== ================== ===========
+
+.. _environment-variables:
+
Environment Variables
---------------------
@@ -89,6 +92,39 @@ Environment Variables
you can add arbitrary comments after the first newline.
+System Credentials
+------------------
+
+Some of the :ref:`environment variables <environment-variables>` above can be
+set using `system credentials <https://systemd.io/CREDENTIALS/>`_ instead.
+
+============================ ==============================================
+Environment Variable Credential Name Equivalent
+============================ ==============================================
+``PBS_REPOSITORY`` ``proxmox-backup-client.repository``
+``PBS_PASSWORD`` ``proxmox-backup-client.password``
+``PBS_ENCRYPTION_PASSWORD`` ``proxmox-backup-client.encryption-password``
+``PBS_FINGERPRINT`` ``proxmox-backup-client.fingerprint``
+============================ ==============================================
+
+For example, a credential for the repository password can be stored in an
+encrypted file as follows:
+
+.. code-block:: console
+
+ # systemd-ask-password -n | systemd-creds encrypt --name=proxmox-backup-client.password - my-api-token.cred
+
+The credential can be then reused inside of unit files or in a transient scope
+unit as follows:
+
+.. code-block:: console
+
+ # systemd-run --pipe --wait \
+ --property=LoadCredentialEncrypted=proxmox-backup-client.password:my-api-token.cred \
+ --property=SetCredential=proxmox-backup-client.repository:'my_default_repository' \
+ proxmox-backup-client ...
+
+
Output Format
-------------
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
prev parent reply other threads:[~2025-03-26 14:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-26 14:26 [pbs-devel] [PATCH backup 0/5] Allow reading more system credentials & add docs Maximiliano Sandoval
2025-03-26 14:26 ` [pbs-devel] [PATCH backup 1/5] pbs-client: use a const for the PBS_REPOSITORY env variable Maximiliano Sandoval
2025-03-26 14:26 ` [pbs-devel] [PATCH backup 2/5] pbs-client: allow reading default repository from system credential Maximiliano Sandoval
2025-03-26 14:26 ` [pbs-devel] [PATCH backup 3/5] pbs-client: allow reading fingerprint " Maximiliano Sandoval
2025-03-26 14:26 ` [pbs-devel] [PATCH backup 4/5] pbs-client: make common helper for getting UTF-8 secrets Maximiliano Sandoval
2025-03-27 9:24 ` Christian Ebner
2025-03-27 11:00 ` Maximiliano Sandoval
2025-03-26 14:26 ` Maximiliano Sandoval [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250326142609.399793-6-m.sandoval@proxmox.com \
--to=m.sandoval@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.