JonIs anyone doing encryption-at-rest remote backups to cloud storage from a Linux home network? I'm thinking of using a provider like Hetzner and lashing up something using rsync, but it's a bit out of my wheelhouse so good tutorials or examples are welcome. Ideally using only OSS tools - I know there are some commercial backup solutions for Linux as well, but would not be comfortable trusting my data to them.
borgmatic@oddhack You're looking for Borg or Restic. Both work with Hetzner among other providers.
@borgmatic thanks. Am I reading the Restic docs correctly in that they are not guaranteeing backward compatibility of repositories until 1.0.0 is reached? Since they appear to be on 0.17.something after 9 years, it sounds like that could be a while away.
@oddhack I don't use Restic myself, so I don't know about their versioning. But maybe someone else more knowledgeable can chime in.
caroubier@oddhack
Have you got a look at https://borgbackup.readthedocs.io/en/stable/ ?
Encryption is client side.
https://linuxconfig.org/introduction-to-borg-backup
@caroubier thanks. I can tell that article's a bit aged because it links to a "secret pricing tier" for borg users which is now more expensive than their regular quoted prices :-) But I expect it's generally useful.
(Edit: NM, I see borg constructs some sort of archive data structure and is not just copying files). Is encryption performed independently on a per-file basis by borg, e.g. there's no metadata or external state that has to be paired with a file to decrypt it?
@oddhack
If you may look for a file level encryption tool, you can create simple Bash script based on gnupg or openssl for the encryption step and rsync command for the backup step.
If you may look for a file level encryption tool, you can create simple Bash script based on gnupg or openssl for the encryption step and rsync command for the backup step.