this post was submitted on 25 Feb 2025
58 points (95.3% liked)

Selfhosted

42996 readers
434 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
58
Encrypted backups to the cloud (feddit.org)
submitted 3 days ago by Linsensuppe@feddit.org to c/selfhosted@lemmy.world
29 comments fedilink hide all child comments
 

How would or do you backup your home server? I don't have enough physical storage (for now) at home to store some backups, so I want to upload it to the cloud. Of course I want the backup to be encrypted, but I don't want to enter the password every time by server does a backup. I am currently using borg on my PC and do it manually. How do I create a encrypted backup without entering the key manually? Do I hardcode it somewhere? Don't really like that. I am also fine with trying other backup software.

you are viewing a single comment's thread
view the rest of the comments
[–] ShortN0te@lemmy.ml 8 points 3 days ago (1 children)

You have basically two options.

  1. Symmetric Encryption. That means you use the same password/key for writing the Backup and for reading the backup. Here you have to write the password somewhere, depending on the OS there are options like keychains or similar that can hold the password so that the password is only available once you are loged in or have unlocked the keychain.

  2. Asymmetric Encryption. That means you have different passwords/keys to read and write the backup. PGP is an example here. Here you can just simply use one key to write the backup, this key can become public and you do not have to worry about your backup since it will only be readable with the 2. key.

I personally use Restic with a password that is only readable by the system root user stored on the filesystem. Since I use Full Disk Encryption i do not have to worry too much about when the secret is available in clear text at runtime.

[–] themachine@lemmy.world 4 points 3 days ago

+1 for restic. I have additionally started using autorestic with it and have been happy how it operates.