From 478609d3bc50dc66023ba80c02f3a602faaacc09 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht
Date: Tue, 24 Nov 2020 22:05:21 +0100
Subject: [PATCH] pbs: autogen key: rename old one if existing it could be debated do have some security implications and that deletion is safer, but key deletion is a pretty hairy thing. Should be documented, and people just should use delete instead of autogen if they want to "destroy" a key.
Signed-off-by: Thomas Lamprecht
---
 PVE/Storage/PBSPlugin.pm | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/PVE/Storage/PBSPlugin.pm b/PVE/Storage/PBSPlugin.pm
index 7d3db34..e046e99 100644
--- a/PVE/Storage/PBSPlugin.pm
+++ b/PVE/Storage/PBSPlugin.pm
@@ -371,6 +371,9 @@ sub prune_backups {
 my $autogen_encryption_key = sub {
 my ($scfg, $storeid) = @_;
 my $encfile = pbs_encryption_key_file_name($scfg, $storeid);
+ if (-f $encfile) {
+ rename $encfile, "$encfile.old";
+ }
 my $cmd = ['proxmox-backup-client', 'key', 'create', '--kdf', 'none', $encfile];
 run_command($cmd, errmsg => 'failed to create encryption key');
 return PVE::Tools::file_get_contents($encfile);
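Review bot: The added `rename $encfile, "$encfile.old";` ignores its return value, so a failed rename goes unnoticed and `key create` then runs against the still-present key file. Whether it refuses or overwrites is not visible from this hunk. Since the old key is the only way to read backups already encrypted with it, the rename should fail loudly, e.g. `rename($encfile, "$encfile.old") or die "failed to rename existing encryption key '$encfile' - $!\n";`. The fixed `.old` target is also replaced without notice on a second autogen, which discards the key before last; a unique suffix (timestamp or counter), or refusing when `"$encfile.old"` already exists, would keep each earlier key recoverable. The commit message says this should be documented, so a short comment above the `if` stating that the previous key is kept rather than destroyed would help. The closure's end lies outside the hunk.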