• 0 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: June 7th, 2023

help-circle














  • I at least had the cathartic experience of being told “hey we need to shut down EVERYTHING before 7pm because that’s when the email will turn off, so log into every service you know we use and delete it all.” And then I spent the next couple hours clicking every delete button I could.

    K8s clusters? Delete. Prod DB? Delete. Prod DB backups? Delete. S3 buckets? Delete. Cloudflare account? Delete.

    It was actually kinda fun.



  • In practice, I believe the private key should contain the public key (or at least sufficient data to recover it): https://superuser.com/questions/814409/gnupg-opengpg-recovering-public-key-from-private-key#814421

    I believe you only need your private key to sign files so, technically you only need to back up the private key, but you should test this to be sure it fits your use case.

    Depending on how you’re backing things up, and what your security goals are, remember that backing up a private key may involve putting that private key on somebody else’s computer - i.e. if you use a remote git repo, or cloud backup service, or even send the key to your own (different) machine over an insecure network. Make sure that you’ve got a way of securely backing up your private key, otherwise you may undermine the whole cryptography thing anyways :).

    As always, you should test by backing up your key(s) and then testing that you can actually restore them and successfully sign a file. Backups are only as good as the last time you tested restoring from them.