Rich Freeman via plug on 18 May 2023 00:52:11 -0700
Re: [PLUG] Physically Secure Backup Disk
On Thu, May 18, 2023 at 3:16 AM Steve Litt via plug <plug@lists.phillylinux.org> wrote:
>
> However, your cloud backup should be reliably encrypted, while still
> being able to upload only changed files. The only way I know to meet
> that challenge is to have a LUKS partition on the remote side, then
> every day open the LUKS partition, rsync new files to that opened
> partition, do a cp -al to make the incremental create a full backup,
> then close the LUKS partition.
>

Most backup software is designed to do exactly this.

I use duplicity to back up my data onto Amazon S3 Glacier Deep Archive. It doesn't require running any software on the remote end. It stores metadata and data in separate files and everything is encrypted with GPG. The metadata is locally cached so that a typical incremental backup requires no reads from the cloud service other than a directory listing to ensure the local cache is in sync. However, if the local cache is bad for whatever reason it will just retrieve the metadata. I keep the S3 metadata in the standard storage class just in case this is needed, since there isn't much of it anyway. The filenames are designed so that you can use rules on the S3 side to define the appropriate storage classes.

The local cache is not encrypted, so you don't need to store the decryption key on the host being backed up (though obviously you'll need to provide it if you need to restore the local cache from the cloud).

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
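
The storage-class split described in the message above, sketched as an added example (not code from the post or from duplicity): it builds an S3 lifecycle rule that sends only data volumes to Deep Archive and checks that no metadata file is caught by it. The `data-` and `meta-` key prefixes are assumptions, set on the duplicity side with `--file-prefix-archive`, `--file-prefix-manifest` and `--file-prefix-signature`; the sample keys are constructed.

```python
import json

# Assumed key prefix for data volumes (duplicity --file-prefix-archive);
# manifests and signatures are assumed to carry "meta-" instead.
ARCHIVE_PREFIX = "data-"
METADATA_SUFFIXES = (".manifest.gpg", ".sigtar.gpg")  # duplicity metadata files


def lifecycle_config(archive_prefix=ARCHIVE_PREFIX, days=0):
    """Build an S3 lifecycle configuration that transitions only data volumes."""
    return {"Rules": [{
        "ID": "duplicity-volumes-to-deep-archive",
        "Status": "Enabled",
        "Filter": {"Prefix": archive_prefix},
        "Transitions": [{"Days": days, "StorageClass": "DEEP_ARCHIVE"}],
    }]}


def storage_class_for(key, config):
    """Storage class a key ends up in under the config (first matching rule)."""
    for rule in config["Rules"]:
        if rule["Status"] == "Enabled" and key.startswith(rule["Filter"]["Prefix"]):
            return rule["Transitions"][0]["StorageClass"]
    return "STANDARD"


def misplaced_metadata(keys, config):
    """Metadata keys that a rule would move out of the standard class."""
    return [k for k in keys
            if k.endswith(METADATA_SUFFIXES)
            and storage_class_for(k, config) != "STANDARD"]


# Constructed sample keys following duplicity's naming, with the assumed prefixes.
SAMPLE_KEYS = [
    "data-duplicity-full.20230518T040000Z.vol1.difftar.gpg",
    "data-duplicity-inc.20230518T040000Z.to.20230519T040000Z.vol1.difftar.gpg",
    "meta-duplicity-full.20230518T040000Z.manifest.gpg",
    "meta-duplicity-full-signatures.20230518T040000Z.sigtar.gpg",
    "meta-duplicity-new-signatures.20230518T040000Z.to.20230519T040000Z.sigtar.gpg",
]

if __name__ == "__main__":
    cfg = lifecycle_config()
    print(json.dumps(cfg, indent=2))  # usable as a lifecycle configuration file
    for key in SAMPLE_KEYS:
        print(f"{storage_class_for(key, cfg):13} {key}")
    print("misplaced metadata:", misplaced_metadata(SAMPLE_KEYS, cfg))
```

A rule with an empty or too-broad prefix would also transition the manifests and signatures, which is the case `misplaced_metadata` is there to catch before the configuration is applied to a bucket.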