Feature request for router backup

I have a Flint running with firmware 4.1.
I noticed that when we backup the router with the Luci interface, the zip file produced is unprotected.
Inside it, the OpenVPN certs are also stored unprotected.
I work in IT, and I suggest add a password feature when creating the router’s backup.
I hope that you like my suggestion.


Tar does not include any flags/features for a password or encryption.

# tar                                                                       
BusyBox v1.33.2 (2022-10-13 19:16:38 UTC) multi-call binary.                                                                                                                                          

Usage: tar c|x|t [-zahvokO] [-f TARFILE] [-C DIR] [-T FILE] [-X FILE] [FILE]...                                                                                                                       
Create, extract, or list files from a tar file                                                                                                                                                                
c       Create                                                                                     
x       Extract                                                                                    
t       List                                                                                      

 -f FILE Name of TARFILE ('-' for stdin/out)                                                        
-C DIR  Change to DIR before operation                                                             
-v      Verbose                                                                                   
-O      Extract to stdout                                                                          
-o      Don't restore user:group                                                                   
-k      Don't replace existing files                                                               
-z      (De)compress using gzip                                                                    
-a      (De)compress based on extension                                                            
-h      Follow symlinks                                                                            
-T FILE File with names to include                                                                 
-X FILE File with glob patterns to exclude


Usage: gzip [-cfkdt] [FILE]...                                                                                                                                                                        
Compress FILEs (or stdin)                                                                                                                                                                                     
-d      Decompress                                                                                 
-t      Test file integrity                                                                        
-c      Write to stdout                                                                            
-f      Force                                                                                      
-k      Keep input files

I think the onus is on the user to secure/encrypt their own backups (for example using 7zips password feature or other encryption techniques) after they create them and develop their own process for security, with OpenWRT providing a simple method to export the backups.

Hi, I agree that everyone should secure/encrypt their backups, and I thought OpenWRT included some encrypt way.
Anyway, I still think that it could be a good feature. I just checked, and everything in the backup is text-based, also the Client username and passwords!
Maybe could be an idea also for OpenWRT include zip or encrypt packages ;-)!!!

Its linux. Its usually best not to tell geeks what to do when there are dozens of ways to accomplish the same goal.

You could probably write a simple script to unpack the tar.gz into a folder and to repack it on the fly using 7zip with a prompt to input a password. Its a 60 second fix regardless of how the goal is achieved.

To make it “more user friendly”, I agree. Adding a password prompt would make it easier when generating backups. It would probably be a weak form of encryption anyways, so your guess is as good as mine.

A similar request has been submitted several times. We have no plans to add this feature yet. Because users can backup/restore via LuCI and encrypt themselves directly.

1 Like

Fair enough!
Thanks for your answer!