this post was submitted on 17 May 2023
5 points (100.0% liked)

Free and Open Source Software

19771 readers
4 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
Gaywallet@beehaw.org
alyaza@beehaw.org
5
Secure backup alternative? (beehaw.org)
submitted 2 years ago* (last edited 2 years ago) by gloating_swann@beehaw.org to c/foss@beehaw.org
8 comments fedilink hide all child comments
 

Can anyone recommend a secure, open source, offsite backup setup with client-side encryption? The way I'm set up now, I have certain folders on my QNAP NAS automatically backup to Backblaze. Which is fine, except that the QNAP encryption scheme is proprietary and Backblaze is also proprietary (I've had a good experience with the latter, tho). I find the QNAP in general kind of hard to use, but it's what I've got at the moment. I was contemplating using Cryptomator, either with BB or something else, though I'm not exactly sure how to set it up. So what do people think? Would another setup be slightly better? If it ain't broke . . . ?

top 8 comments
sorted by: hot top controversial new old
[–] sxan@midwest.social 6 points 2 years ago (4 children)

restic. I've been using it for years, and specifically with B2 for at least 2.

  • Client-side encryption, by default
  • Single executable
  • Stable format
  • Backups are incremental by default
  • Backups are mountable (via fuse), so it's easy to grab specific files from a snapshot

It really is a fantastic, free, OSS program.

[–] dax@beehaw.org 4 points 2 years ago

For any of those curious, it seems to use the crypto/aes package in restic/crypto.go.

[–] jherazob@beehaw.org 4 points 2 years ago

We switched to it for backups at work about a couple years ago too, and agree on the assessment

[–] smorks@lemmy.ca 3 points 2 years ago

there's also rustic, which is currently in beta i believe, but it's basically the rust equivalent of restic.

[–] gloating_swann@beehaw.org 2 points 2 years ago

By it you mean Cryptomator, yes?

[–] dax@beehaw.org 5 points 2 years ago (1 children)

I wasn't happy with any off the shelf services a while ago so I ended up writing a cron job that gpg encrypted every file I needed backed up nightly and then rsync'd it to an s3 mount point. It worked without any issue for just enough time that I forgot about it and now it doesn't work, so ... I maybe wouldn't follow that route, but also maybe I would if I had enough energy to unfuck that side project up.

[–] dax@beehaw.org 5 points 2 years ago

Out of curiosity I looked at it again, and I'm kind of half-impressed, half-disgusted that I wrote that script. I had some thoughts of sharing it as a starting point but now I'm pretty sure I should just kick it back into the closet and shut the door and ignore it like it never happened

[–] Helix@feddit.de 4 points 2 years ago

Duplicati, Syncthing with encryption explicitly enabled, borgmatic/borgbackup, restic.

See also: https://github.com/awesome-foss/awesome-sysadmin#backups