feat!: Add masterkey as credential option

[aawsome]

Adds the possibility to use a master key directly as credential to open/initialize a repository.

Using the masterkey has the following advantages:

• no need anymore to save the masterkey (encrypted) in the repository. This increases security as it eliminates possible master key leaks due to insecure passwords or a vulnerability in the scrypt algorithm.
• by not using the scrypt algorithm, opening a repository is much faster and needs much less resources (CPU/Memory) making this option interesting for some use cases.

Advantages of the still supported password credential are the possibility to backup the masterkey in the repository - and of course allowing to access the repo using a noticeable password.

Note that this change allows to use repositories with only the masterkey, but additionally allows to access a "normal" repository with keyfiles with either a password or the masterky.

As a side effect, most integration tests are now much faster as most now use the masterkey.

This is a breaking change as it changes Repository methods.

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 48 lines in your changes missing coverage. Please review.
✅ Project coverage is 45.1%. Comparing base (54463a9) to head (4e1b8d8).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
crates/core/src/repository/credentials.rs	47.5%	21 Missing ⚠️
crates/core/src/repository/command_input.rs	33.3%	16 Missing ⚠️
crates/core/src/repository.rs	56.2%	7 Missing ⚠️
crates/core/src/commands/init.rs	71.4%	2 Missing ⚠️
crates/core/src/repofile/keyfile.rs	66.6%	2 Missing ⚠️

Additional details and impacted files

Files with missing lines	Coverage Δ
crates/core/src/error.rs	66.0% <ø> (-1.2%)	⬇️
crates/core/src/repofile.rs	73.9% <ø> (+4.3%)	⬆️
crates/core/tests/integration.rs	78.5% <100.0%> (+0.7%)	⬆️
crates/core/tests/keys.rs	100.0% <ø> (ø)
crates/core/src/commands/init.rs	85.0% <71.4%> (-8.8%)	⬇️
crates/core/src/repofile/keyfile.rs	67.1% <66.6%> (+0.4%)	⬆️
crates/core/src/repository.rs	47.7% <56.2%> (+0.5%)	⬆️
crates/core/src/repository/command_input.rs	55.8% <33.3%> (-10.9%)	⬇️
crates/core/src/repository/credentials.rs	47.5% <47.5%> (ø)

... and 20 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[s-leroux]

Great job!

I assume the key should be given (unencrypted) as a new global option, isn't it?

Many tools accept command-line arguments, environment variables, and password files (with proper permission check, eg, 600). I don't know if this is a requirement here (or maybe you already implemented that!-)

Advantages of the still supported password credential are the possibility to backup the masterkey in the repository

(emphasis mine)

I think the password credentials with the master key encrypted in the repository should remain the default strategy. It is reasonably safe, depending on the SLA of the underlying storage provider. Can the user change the strategy after the repo init?

[aawsome]

I think the password credentials with the master key encrypted in the repository should remain the default strategy. It is reasonably safe, depending on the SLA of the underlying storage provider. Can the user change the strategy after the repo init?

The default will be what the user selects. If they don't select anything, rustic will ask for a password and create a key for this in the repo as it is now.

The strategy can be changed any time. You can always add new repository keys using rustic key add and remove them using rustic key remove (except the one you are using to call that command, for safety reasons; but using the masterkey, you can remove every key).
And if you have both the masterkey and a password to a key in the repo, you can use either to open the repository.

[aawsome]

This feature has now also been added to rustic and is available in the nightly builds (and the upcoming 0.11.0 version).
I have prepared the docu update here: rustic-rs/docs#123