Fix: docs: notes on encrypted backups

1 files changed, 16 insertions, 1 deletions

diff --git a/docs/backups.md b/docs/backups.md
index d645207..b5f19c6 100644
--- a/docs/backups.md
+++ b/docs/backups.md
@@ -155,7 +155,13 @@ This may be the ultimate disaster recovery kit for your Hydra!
 
 ## Restore
 
-Examples according to the software used to make the backup.
+Having backup data leaked is a serious security issue, and that's why we
+encrypt backups.
+But losing access to the encrypted material is data loss, so it's important
+to make sure in advance that we can get back the material.
+
+Procedures vary, and the following examples are sorted according to the
+software used to make the backup.
 
 ### Duplicity
 
@@ -196,6 +202,15 @@ Note on backup keys:
   encrypted-storage workstations_ (recommendation is to not do this on the remote
   repository).
 
+Just to be sure, let's emphasize Borg's own recommendation:
+
+> IMPORTANT: you will need both KEY AND PASSPHRASE to access this repo!
+>
+> If you used a repokey mode, the key is stored in the repo, but you should
+> back it up separately.
+> Use "borg key export" to export the key, optionally in printable format.
+> Write down the passphrase. Store both at safe place(s).
+
 [Borg]: https://www.borgbackup.org/
 [Puppet]: https://www.puppet.com/
 [not possible anymore]: https://github.com/borgbackup/borg/issues/7047