From 130506250f04c86f8487819eaf801c40f1d4990b Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Sat, 18 May 2024 19:20:04 +0200
Subject: [PATCH] document insecure-no-password

---
 changelog/unreleased/issue-1786  | 19 +++++++++++++++++++
 doc/030_preparing_a_new_repo.rst | 23 +++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 changelog/unreleased/issue-1786

diff --git a/changelog/unreleased/issue-1786 b/changelog/unreleased/issue-1786
new file mode 100644
index 000000000..bdd0d48c3
--- /dev/null
+++ b/changelog/unreleased/issue-1786
@@ -0,0 +1,19 @@
+Enhancement: Support repositories with empty password
+
+Restic refused to create or operate on repositories with an emtpy password.
+Using the new option `--insecure-no-password` it is now possible to disable
+this check. Restic will not prompt for a password when using this option.
+For security reasons, the option must always be specified when operating on
+repositories with an empty password.
+
+Specifying `--insecure-no-password` while also passing a password to restic
+via a CLI option or via environment variable results in an error.
+
+The `init` and `copy` command also support the option `--from-insecure-no-password`
+which applies to the source repository. The `key add` and `key passwd` comands
+include the `--new-insecure-no-password` option to add or set an emtpy password.
+
+https://github.com/restic/restic/issues/1786
+https://github.com/restic/restic/issues/4326
+https://github.com/restic/restic/pull/4698
+https://github.com/restic/restic/pull/4808
diff --git a/doc/030_preparing_a_new_repo.rst b/doc/030_preparing_a_new_repo.rst
index ee0a0df5e..5f3f3ff15 100644
--- a/doc/030_preparing_a_new_repo.rst
+++ b/doc/030_preparing_a_new_repo.rst
@@ -852,3 +852,26 @@ and then grants read/write permissions for group access.
 .. note:: To manage who has access to the repository you can use
           ``usermod`` on Linux systems, to change which group controls
           repository access ``chgrp -R`` is your friend.
+
+
+Repositories with empty password
+********************************
+
+Restic by default refuses to create or operate on repositories that use an
+empty password. Since restic 0.17.0, the option ``--insecure-no-password`` allows
+disabling this check. Restic will not prompt for a password when using this option.
+Specifying ``--insecure-no-password`` while also passing a password to restic
+via a CLI option or via environment variable results in an error.
+
+For security reasons, the option must always be specified when operating on
+repositories with an empty password. For example to create a new repository
+with an empty password, use the following command.
+
+.. code-block:: console
+
+    restic init --insecure-no-password
+
+
+The ``init`` and ``copy`` command also support the option ``--from-insecure-no-password``
+which applies to the source repository. The ``key add`` and ``key passwd`` comands
+include the ``--new-insecure-no-password`` option to add or set and emtpy password.