Add paragraph regarding cache security assumptions (#4900)

docs: tell about borg cache security precautions
borgbackup · Jan 13, 2020 · 61b8234 · 61b8234
1 parent fc96fc4
commit 61b8234
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/docs/faq.rst b/docs/faq.rst
@@ -352,6 +352,22 @@ to change them.
 Security
 ########
 
+.. _cache_security:
+
+Do I need to take security precautions regarding the cache?
+-----------------------------------------------------------
+
+The cache contains a lot of metadata information about the files in
+your repositories and it is not encrypted.
+
+However, the assumption is that the cache is being stored on the very
+same system which also contains the original files which are being
+backed up. So someone with access to the cache files would also have
+access the the original files anyway.
+
+If you ever need to move the cache to a different location, this can
+be achieved by using the appropriate :ref:`env_vars`.
+
 How can I specify the encryption passphrase programmatically?
 -------------------------------------------------------------
 

diff --git a/docs/usage_general.rst.inc b/docs/usage_general.rst.inc
@@ -257,7 +257,8 @@ Directories and files:
         Default to '~/.config/borg'. This directory contains the whole config directories.
     BORG_CACHE_DIR
         Default to '~/.cache/borg'. This directory contains the local cache and might need a lot
-        of space for dealing with big repositories.
+        of space for dealing with big repositories. Make sure you're aware of the associated
+        security aspects of the cache location: :ref:`cache_security`
     BORG_SECURITY_DIR
         Default to '~/.config/borg/security'. This directory contains information borg uses to
         track its usage of NONCES ("numbers used once" - usually in encryption context) and other