Auto create backups

[leonklingele]

This is really important. No one does backups until its too late ;)

Examples:

• Create a safe-backup before adding a new account
• Create a safe-backup at least once a day / once every hour (when pick is used)

These settings should be user-configurable in the config file.

[bndw]

I agree, automated backups would be great.

We'll need to consider retention policies:
* Max number and/or age of backups to keep
* Maybe auto backups are stored in a single file that's just replaced, e.g. autobackup.safe.

Maybe we should consider this a "restore" safe, versus automatic backups.

The main usecase I see for this is:

Whoops, I somehow corrupt my pick.safe and I never took a backup

Simply [over]writing a restore.safe on every change would be a very simple way to resolve that scenario.

[leonklingele]

Simply [over]writing a restore.safe on every change would be a very simple way to resolve that scenario.

This will not help if you remove an account by accident / change the password.

[bndw]

This will not help if you remove an account by accident / change the password.

Agreed, it won't, but I'm not convinced we should natively protect against that. By design the user must enter their master password to make any changes, which in itself provides protection against accidental changes.

[leonklingele]

Removing an account by accident can happen quite easily.
It happened to me before and I was very happy to have a backup.

[bndw]

Wouldn't the restore.safe approach work for this scenario? It's essentially like an "undo", snapshotting the safe before each change.

1. pick rm foo
2. snapshot pick.safe -> backups/restore.safe
3. Whoops, I didn't mean to remove foo
4. mv backups/restore.safe pick.safe
5. foo is restored

[leonklingele]

This way we only have an undo-history of 1.
Why not keep more snapshots / backup the safe on every change and keep all backups?

[bndw]

I see the value of keeping more than one backup. One downside is you could theoretically create a large number of backups, and that may be undesirable for certain users and/or certain backends.

How do you feel about exposing a config option to disable this feature (with it enabled by default).

# config.toml

# Snapshots will take a backup of your safe before each change. Default: true.
snapshots = false

[leonklingele]

1Password keeps a maximum of 30 backups. Let's make this configurable to the user. The default should be at least 30. -1 indicating "unlimited backups" and 0 "no backups at all".
Backups can be a security issue.

[leonklingele]

What do you think about making (parts of the) the configuration more user-accessible, by e.g. a new $ pick config command which asks some essential questions ("Do you want to enable automated backups"?)

[bndw]

-1 indicating "unlimited backups" and 0 "no backups at all".

I think that's a fine idea.

What do you think about making (parts of the) the configuration more user-accessible, by e.g. a new $ pick config command

This is an interesting idea. We could follow a similar pattern to the safe command:

$ pick config --help
The config command is used to perform operations on the config

Available Commands:
  get      Get a config option
  ls       List all config options
  set      Set a config option


$ pick config get [key]
# <key value>

$ pick config set [key] [value]
# <key value>

$ pick config ls
backups
storage.type
...

This would certainly be an enhancement/feature add because this control is all available by editing the config file.