Comment 6 for bug 1010621

Jeremy Stanley (fungi) wrote :

Basically I think we backup the puppetmaster with bup just like any other server, with the following caveats:

exclude places where sensitive plaintext credentials reside (/etc/puppet/hieradata, /root/ci-launch, /etc/ssl/private, what have you) and then whip up a little cron job to encrypt copies of these to multiple root admin OpenPGP keys when they change and stash the results in a place bup will back up. This doesn't take advantage of the gitishness of bup's protocol for those particular files because they're represented by one or more encrypted blobs which change in their entirety, but they will be small and this provides a minimum divergence from our normal backup and recovery strategy.
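One way the cron job sketched in that comment could look, as an added example that is not code from the bug thread or from the OpenStack infra repositories; the recipient key IDs, the sensitive paths and the stash directory are assumed placeholders, and change detection is done with a stored content fingerprint so the encrypted blob is rewritten only when the tree actually changes:

```shell
#!/bin/sh
# Constructed example: re-encrypt sensitive trees to several OpenPGP recipients
# only when their contents change, writing the blobs where bup will pick them up.
set -eu

# Assumed values (placeholders, not from the bug comment).
RECIPIENTS="${RECIPIENTS:-admin1@example.org admin2@example.org}"
SENSITIVE_PATHS="${SENSITIVE_PATHS:-/etc/puppet/hieradata /root/ci-launch /etc/ssl/private}"
STASH_DIR="${STASH_DIR:-/var/backups/encrypted-secrets}"   # assumed to be inside bup's scope

# Fingerprint of a directory tree: sha256 over the sorted list of (file, sha256) pairs.
fingerprint() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
        sha256sum "$f"
    done ) | sha256sum | cut -d' ' -f1
}

# Returns 0 when the tree differs from the stored fingerprint (or none is stored).
# The new fingerprint is written to "$stamp.new"; the caller commits it after a
# successful encryption so a failed run is retried next time.
changed() {
    dir="$1"; stamp="$2"
    cur=$(fingerprint "$dir")
    [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$cur" ] && return 1
    printf '%s\n' "$cur" > "$stamp.new"
    return 0
}

# Tar the tree and encrypt it to every recipient; gpg fails if any key is missing,
# and the temp-file rename keeps a half-written blob out of the backup.
encrypt_tree() {
    dir="$1"; out="$2"
    rargs=""
    for r in $RECIPIENTS; do rargs="$rargs -r $r"; done
    tar -C "$(dirname "$dir")" -cf - "$(basename "$dir")" \
      | gpg --batch --yes --trust-model always $rargs --encrypt -o "$out.tmp"
    mv "$out.tmp" "$out"
}

main() {
    umask 077
    mkdir -p "$STASH_DIR"
    for p in $SENSITIVE_PATHS; do
        [ -d "$p" ] || continue
        name=$(printf '%s' "$p" | tr '/' '_')
        stamp="$STASH_DIR/$name.sha256"
        if changed "$p" "$stamp"; then
            encrypt_tree "$p" "$STASH_DIR/$name.tar.gpg"
            mv "$stamp.new" "$stamp"
        fi
    done
}
```

Run `main` from cron as root; the plaintext trees themselves stay on bup's exclude list, only the `.tar.gpg` blobs in the stash directory get backed up.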