1 [[!meta date="2016-06-09 20:41:06 +0800"]]
3 Trying to configure [obnam](http://obnam.org) to use one repository for 3 clients using encryption has been a bit of search.
5 Initialising the first client was straightforward. I simply set it up to use a gpg key for encryption per the manual. Since that key is only used for encrypting backups from this client, making it not have a passphrase seemed to be a good option.
7 For the next client, things got a bit trickier. Since the backup repository is now encrypted, that client couldn't access it. The solution I ended up with was to temporarily ensure client 2 has access to client 1's secret key too.
9 On client 1: `gpg --export-secret-key -a LONG_KEY > client1.private.key`
11 That file I had to copy to the other client, and import it using:
13 On client 2: `gpg --import client1.private.key`
15 Now I could configure this client with its own gpg key and perform an initial backup.
17 After this, client 1's secret key can be removed again: `gpg --delete-secret-key LONG_KEY` followed by `gpg --delete-key LONG_KEY`.
19 (Not removing it defeats the purpose of having a specific key per client - the workaround above doesn't seem entirely sensible from that perspective either, as the secret key needs to be shared temporarily.)
21 The third client should have been easy, but gpg-agent made it a bit more tricky. Obnam failed to run because it couldn't find gpg-agent. Several workarounds have been documented in the past, but they all ended up not working anymore since version 2.1 of gpg-agent. I ended up [^1] having to modify `~/.bashrc` as follows:
23 function gpg-update() {
24 GPG_PID=$(pidof gpg-agent)
25 GPG_AGENT_INFO=${HOME}/.gnupg/S.gpg-agent:$GPG_PID:1
31 [^1]: Courtesy of [Brian Lane on RedHat's bugtracker](https://bugzilla.redhat.com/show_bug.cgi?id=1221234#c5)