client: introduce --keyfd parameter

This is a more convenient way to pass along the key when
creating encrypted backups of unprivileged containers in PVE
where the unprivileged user namespace cannot access
`/etc/pve/priv`.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

src/bin/proxmox_backup_client/catalog.rs

@@ -16,7 +16,6 @@ use crate::{
     REPO_URL_SCHEMA,
     extract_repository_from_value,
     record_repository,
-    load_and_decrypt_key,
     api_datastore_latest_snapshot,
     complete_repository,
     complete_backup_snapshot,
@@ -35,6 +34,8 @@ use crate::{
     Shell,
 };
 
+use proxmox_backup::backup::load_and_decrypt_key;
+
 use crate::key::get_encryption_key_password;
 
 #[api(

src/bin/proxmox_backup_client/key.rs

@@ -33,6 +33,12 @@ pub fn place_default_encryption_key() -> Result<PathBuf, Error> {
     super::place_xdg_file(DEFAULT_ENCRYPTION_KEY_FILE_NAME, "default encryption key file")
 }
 
+pub fn read_optional_default_encryption_key() -> Result<Option<Vec<u8>>, Error> {
+    find_default_encryption_key()?
+        .map(file_get_contents)
+        .transpose()
+}
+
 pub fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
     // fixme: implement other input methods