public inbox for pbs-devel@lists.proxmox.com
From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH backup 5/5] docs: client: add section about system credentials
Date: Wed, 26 Mar 2025 15:26:09 +0100
Message-ID: <20250326142609.399793-6-m.sandoval@proxmox.com>
In-Reply-To: <20250326142609.399793-1-m.sandoval@proxmox.com>

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
 docs/backup-client.rst | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/docs/backup-client.rst b/docs/backup-client.rst
index e11c0142a..aea63bd1f 100644
--- a/docs/backup-client.rst
+++ b/docs/backup-client.rst
@@ -44,6 +44,9 @@ user\@pbs!token@host:store       ``user@pbs!token`` host:8007          store
 [ff80::51]:1234:mydatastore      ``root@pam``       [ff80::51]:1234    mydatastore
 ================================ ================== ================== ===========
 
+
+.. _environment-variables:
+
 Environment Variables
 ---------------------
 
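Review bot: the new label `environment-variables` above the "Environment Variables" heading is very generic. Sphinx reference labels share one namespace across the whole documentation set, so a name without a client-specific prefix can clash with a label defined in another file. Consider a prefixed name (for example `client-environment-variables`) and use the same name in the `:ref:` of the new section.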
@@ -89,6 +92,39 @@ Environment Variables
    you can add arbitrary comments after the first newline.
 
 
+System Credentials
+------------------
+
+Some of the :ref:`environment variables <environment-variables>` above can be
+set using `system credentials <https://systemd.io/CREDENTIALS/>`_ instead.
+
+============================ ==============================================
+Environment Variable         Credential Name Equivalent
+============================ ==============================================
+``PBS_REPOSITORY``           ``proxmox-backup-client.repository``
+``PBS_PASSWORD``             ``proxmox-backup-client.password``
+``PBS_ENCRYPTION_PASSWORD``  ``proxmox-backup-client.encryption-password``
+``PBS_FINGERPRINT``          ``proxmox-backup-client.fingerprint``
+============================ ==============================================
+
+For example, a credential for the repository password can be stored in an
+encrypted file as follows:
+
+.. code-block:: console
+
+  # systemd-ask-password -n | systemd-creds encrypt --name=proxmox-backup-client.password - my-api-token.cred
+
+The credential can be then reused inside of unit files or in a transient scope
+unit as follows:
+
+.. code-block:: console
+
+  # systemd-run --pipe --wait \
+  --property=LoadCredentialEncrypted=proxmox-backup-client.password:my-api-token.cred \
+  --property=SetCredential=proxmox-backup-client.repository:'my_default_repository' \
+  proxmox-backup-client ...
+
+
 Output Format
 -------------
 
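Review bot: the new "System Credentials" section does not say which value wins when both an environment variable and its credential equivalent from the table are set. Please state the precedence right after the table, since for `PBS_PASSWORD` and `PBS_ENCRYPTION_PASSWORD` it decides which secret is actually used. The first example is also introduced as storing the "repository password" while the output file is named `my-api-token.cred`; one term for both would avoid confusion. Wording nit: "can be then reused" should read "can then be reused".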
-- 
2.39.5
