gen-key

Generates a new secret key for the encrypt backend

Usage

aegis gen-key

Description

The gen-key command generates a cryptographically secure 256-bit random key, encoded in base64. Use this key to configure the encrypt backend.

The output is a single line containing the base64-encoded key.

Example

$ aegis gen-key
1Kc8InZlttUiKzlJ2EYBg/9H9EWarpCP5DaLx9eO0q4

Add the key to your aegis.toml:

[backends.encrypted]
type = "encrypt"
key = "1Kc8InZlttUiKzlJ2EYBg/9H9EWarpCP5DaLx9eO0q4"
sub_backend = "storage"

[backends.storage]
type = "fs"
dir = "/path/to/backup"

Then make sure to store the key securely (e.g. a password manager or physical location).

There is no way to recover data if the key is lost. Anyone with the key and access to the sub-backend can decrypt your backups.