From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH backup v2 7/7] docs: client: add section about system credentials
Date: Thu, 27 Mar 2025 11:47:30 +0100 [thread overview]
Message-ID: <20250327104730.199623-7-m.sandoval@proxmox.com> (raw)
In-Reply-To: <20250327104730.199623-1-m.sandoval@proxmox.com>
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
docs/backup-client.rst | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/docs/backup-client.rst b/docs/backup-client.rst
index e11c0142..aea63bd1 100644
--- a/docs/backup-client.rst
+++ b/docs/backup-client.rst
@@ -44,6 +44,9 @@ user\@pbs!token@host:store ``user@pbs!token`` host:8007 store
[ff80::51]:1234:mydatastore ``root@pam`` [ff80::51]:1234 mydatastore
================================ ================== ================== ===========
+
+.. _environment-variables:
+
Environment Variables
---------------------
@@ -89,6 +92,39 @@ Environment Variables
you can add arbitrary comments after the first newline.
+System Credentials
+------------------
+
+Some of the :ref:`environment variables <environment-variables>` above can be
+set using `system credentials <https://systemd.io/CREDENTIALS/>`_ instead.
+
+============================ ==============================================
+Environment Variable Credential Name Equivalent
+============================ ==============================================
+``PBS_REPOSITORY`` ``proxmox-backup-client.repository``
+``PBS_PASSWORD`` ``proxmox-backup-client.password``
+``PBS_ENCRYPTION_PASSWORD`` ``proxmox-backup-client.encryption-password``
+``PBS_FINGERPRINT`` ``proxmox-backup-client.fingerprint``
+============================ ==============================================
+
+For example, a credential for the repository password can be stored in an
+encrypted file as follows:
+
+.. code-block:: console
+
+ # systemd-ask-password -n | systemd-creds encrypt --name=proxmox-backup-client.password - my-api-token.cred
+
+The credential can be then reused inside of unit files or in a transient scope
+unit as follows:
+
+.. code-block:: console
+
+ # systemd-run --pipe --wait \
+ --property=LoadCredentialEncrypted=proxmox-backup-client.password:my-api-token.cred \
+ --property=SetCredential=proxmox-backup-client.repository:'my_default_repository' \
+ proxmox-backup-client ...
+
+
Output Format
-------------
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-03-27 10:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-27 10:47 [pbs-devel] [PATCH backup v2 1/7] pbs-client: use a const for the PBS_REPOSITORY env variable Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 2/7] pbs-client: add helper for getting UTF-8 secrets Maximiliano Sandoval
2025-03-27 11:57 ` Christian Ebner
2025-03-27 12:16 ` Maximiliano Sandoval
2025-03-27 12:41 ` Christian Ebner
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 3/7] pbs-client: use helper for getting UTF-8 password Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 4/7] pbs-client: make get_encryption_password return a String Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 5/7] pbs-client: allow reading default repository from system credential Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 6/7] pbs-client: allow reading fingerprint " Maximiliano Sandoval
2025-03-27 10:47 ` Maximiliano Sandoval [this message]
2025-04-02 9:57 ` [pbs-devel] [PATCH backup v2 7/7] docs: client: add section about system credentials Christian Ebner
2025-04-02 10:05 ` [pbs-devel] [PATCH backup v2 1/7] pbs-client: use a const for the PBS_REPOSITORY env variable Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250327104730.199623-7-m.sandoval@proxmox.com \
--to=m.sandoval@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.