Encrypted backups and passwords

[Thorsten Heit]

Hi,

I'm using barman to backup a couple of PostgreSQL servers (versions 15, 17 and 18 actually) from a remote machine. Backing up and restoring them so far works pretty good.

Recently I turned on encrypted backups. By following the documentation I created a new GnuPG key pair and added the following parameters to the server's conf:

* encryption = gpg

* encryption_key_id = ...

* backup_compression = none

* backup_compression_format = tar

IIUC I also have to configure "encryption_passphrase_command" to refer to a tool that outputs the necessary password to stdout.

For testing purposes I copied the GnuPG key passphrase into a file "~/.passphrase" and configured

* encryption_passphrase_comman = "cat ~/.passphrase"

Not nice, but at least. for testing purposes I'm able to restore such an encrypted backup.

Question:

Is it possible to configure barman to ask the passphrase from the user in the console window? Similar to what pinentry does for example.

I've tried "systemd-ask-password --echo=no -n" as command, but that didn't work.

BTW:

I'm using barman 3.18.0 running on Ubuntu 24.04.4

Regards

Thorsten