From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 20 Aug 2025 00:18:53 +0000 (+1200)
Subject: WHATSNEW: samba-tool domain backup --no-secrets changes
X-Git-Tag: samba-4.23.0rc2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5c9f7d68912e4cc345250b8a3c57c0e09e11d170;p=thirdparty%2Fsamba.git

WHATSNEW: samba-tool domain backup --no-secrets changes

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 27fae5331d2..20a61604369 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -32,9 +32,16 @@ Initial version of smb_prometheus_endpoint
 ------------------------------------------
 todo
 
-samba-tool improvements
------------------------
-todo
+samba-tool domain backup --no-secrets avoids confidential attributes
+--------------------------------------------------------------------
+
+The --no-secrets option creates a back-up without secret attributes
+(e.g. passwords), suitable for use in a lab domain. Until now it could
+still contain confidential attributes, including BitLocker recovery
+data and KDS root keys. Objects in the classes msKds-ProvRootKey,
+msFVE-RecoveryInformation, and msTPM-InformationObject will now be
+entirely removed from the backup, as these objects are required by
+schema to have confidential attributes and are no use without them.
 
 CTDB changes
 ------------