Better backup and restore

[Michaelpalacce]

Overview

Work in progress

This needs some extra thinking.

What needs to be done?

Currently backup and restore is done in a very open way, leading to really really easy extraction of sensitive data

Considerations.

Committing the SimpleSecret encrypted data to git is not something that I want to do... The main idea since the beginning of this project has been to avoid that.

Possible solutions

New CRDs with CLI solution

• [ ] Add a new CRD that would hold the data needed for restore. The CRD when created will be decrypted using the encryption key and then applied on top of the cluster.
• [ ] Create a CLI
• [ ] Add ability for setting the encryption key with the CLI
• [ ] Add ability for requesting a backup of the data
• [ ] The backup request should return the data in a format that it will be recoverable only with the Encryption Key
• [ ] The backup request will not backup the encryption key, that must be done separately
• [ ] The backup request can be scheduled
• [ ] If the backup request needs to be backed up offsite, it must be retrieved as yaml ( using `kubectl get backuprequest -o yaml > backup.yaml ) or alternatively by other means ( like velero )