Opsmate Security Options
Opsmate is flexible and lets you choose how to manage your private keys so you can find the best balance between security and convenience. Opsmate supports three modes of operation:
Standard mode
- Copies of all your private keys are stored on Opsmate servers.
- You can browse and download your backups straight from your web browser.
- You can browse and download your backups using the opsmate command line program on a computer which has access to your key ring.
- You don't need to worry about losing your copies of your private keys.
Standard mode is the default mode, and Opsmate recommends it to people who do not have exceptional security requirements.
Hybrid mode
- Only your metadata private keys are stored on Opsmate servers.
- You can browse your backups from your web browser and see file names and attributes such as modification time, but not the contents of files.
- You can download encrypted copies of files from the Opsmate website, and extract them using the opsmate command line program on a computer which has access to your key ring.
- You can browse and download your backups using the opsmate command line program on a computer which has access to your key ring.
- You are responsible for not losing your copies of your private keys.
Hybrid mode is a good option for people who need a heightened level of security for their data but want the convenience of browsing metadata through the web browser.
Warning: in hybrid mode, your data decryption key is NOT stored on Opsmate servers and you are solely responsible for its safe-keeping. If you lose this key, your backups will be inaccessible!
To use hybrid mode, pass the --hybrid
option to the opsmate setup command when setting up a server with Opsmate.
Paranoid mode
- None of your private keys are stored on Opsmate servers.
- You have to use the opsmate command line programs to browse and download your backups. You cannot use your web browser.
- You are responsible for not losing your copies of your private keys.
Paranoid mode is the best option for those with exceptional security needs and who are comfortable with using the command line and taking responsibility for safe-keeping their private keys.
Warning: in paranoid mode, your private keys are NOT stored on Opsmate servers and you are solely responsible for their safe-keeping. If you lose your private keys, your backups will be inaccessible!
To use paranoid mode, pass the --paranoid
option to the opsmate setup command when setting up a server with Opsmate.
Advanced operation
Using the opsmate key command, it is possible to exert fine grained control over how your keys are distributed between different systems and the Opsmate servers. For example, you can have a system that is allowed to create backups but not retrieve them, or a system that is allowed to retrieve backups but not delete them. See the Key Management page for more information.