|
|
|
|
|
|
by jstephens
5294 days ago
|
|
|
Depending on what database you use you can do partial replication (only tables that aren't secrets) to a slave and then backup the slave. We use MySQL and that is possible. Also if you combine that with a high rotation rate on your binlogs (again mysql) and wipe out the older logs you can effectively have a slave with all of the "permanent" data and then only two hours of binlogs of everything. So in case of disaster you copy the slave back and then replay the binlogs you kept (a couple hours) for secrets and you are back where you started. But since you never replicated the secrets or kept more than 2 hours of binlogs you have no way of recovering the secrets outside of that window. |
|
|