Create configuration

Rekkord provides a step-by-step interactive command that will help you configure a repository.

Run the following command to get started:

rekkord setup

This command only creates the configuration but it does not initialize the repository. Follow the next section to continue.

Initialize repository

Once you have configured your repository, through a configuration file or with environment variables, you can initialize it with the following command:

rekkord init

export REKKORD_CONFIG_FILE=/path/to/config.ini
rekkord init

rekkord -C /path/to/config.ini init

This command will initialize the repository with a random 256-bit master key.

After initialization, the master key is exported to a binary file, named master.key by default (in the current directory). You can change the export file with the --key_file <file> option.

Rekkord uses multiple encryption keys which are derived from this master key:

• The config key (ckey) is paired with an access key (akey) to sign config files and user keyfiles
• The data key (dkey) is paired with a write key (wkey) for data encryption (snapshot information, directory metadata, file content)
• The log key (lkey) is paired with a tag key (tkey), to manage snapshots and record snapshot information

For simple use cases, you can simply use the master key for everything. However, we recommend that you create restricted keyfiles, for two reasons:

• Each restricted keyfile can have limited capabilities: ReadWrite, WriteOnly or LogOnly
• Snapshots are signed with each keyfile-specific signing key, this can be used to detect cross-server tampering during repository checks

Next steps

Once your setup is ready, you can create your first snapshot.

You might also want to secure your installation to protect your repository from data leaks, tampering and deletion.