From 16f26ce42d379b6e607d4e9065378d205fc15f3f Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht <andrew@engelbrecht.io>
Date: Mon, 11 Oct 2021 23:56:54 -0400
Subject: [PATCH] notes on backup security

---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index edb9e7f..f291f2d 100644
--- a/README.md
+++ b/README.md
@@ -72,14 +72,14 @@ The main reasons for using restic is that it is easy to deploy, even on older
 systems, and it offers the rest-server mode for interaction.
 
 Kaya trusts the central backup server, so it stores the restic repo password in
-plain text in each repo's directory on that server. The password has to be
-stored somewhere, and chances are that you don't want to sync another password
-every time you deploy a new target machine, nor enter it every time you fetch a
-recent snapshot.
+plain text in each repo's data directory. That way, it doesn't have to be
+synced from the backup server after initializaing the repository, copied to
+each backup target, and quickly changed after cloning a production server (see
+below).
 
 With that in mind, the file system you back up to should be encrypted with
 LUKS, and it should require a password during the boot process, or when
-mounting manually.
+mounting the backup partition manually.
 
 One of the reasons why the central server initiates backups is so client
 machines won't try to send their backups all at the same time, or in a
-- 
2.25.1