Can anyone recommend a secure, open source, offsite backup setup with client-side encryption? The way I’m set up now, I have certain folders on my QNAP NAS automatically backup to Backblaze. Which is fine, except that the QNAP encryption scheme is proprietary and Backblaze is also proprietary (I’ve had a good experience with the latter, tho). I find the QNAP in general kind of hard to use, but it’s what I’ve got at the moment. I was contemplating using Cryptomator, either with BB or something else, though I’m not exactly sure how to set it up. So what do people think? Would another setup be slightly better? If it ain’t broke . . . ?

  • restic. I’ve been using it for years, and specifically with B2 for at least 2.

    • Client-side encryption, by default
    • Single executable
    • Stable format
    • Backups are incremental by default
    • Backups are mountable (via fuse), so it’s easy to grab specific files from a snapshot

    It really is a fantastic, free, OSS program.

  • @[email protected]
    link
    fedilink
    511 months ago

    I wasn’t happy with any off the shelf services a while ago so I ended up writing a cron job that gpg encrypted every file I needed backed up nightly and then rsync’d it to an s3 mount point. It worked without any issue for just enough time that I forgot about it and now it doesn’t work, so … I maybe wouldn’t follow that route, but also maybe I would if I had enough energy to unfuck that side project up.

    • @[email protected]
      link
      fedilink
      511 months ago

      Out of curiosity I looked at it again, and I’m kind of half-impressed, half-disgusted that I wrote that script. I had some thoughts of sharing it as a starting point but now I’m pretty sure I should just kick it back into the closet and shut the door and ignore it like it never happened