Backup with restic¶

Restic is fast and secure backup program. All data in restic repositories is encrypted with AES-256 before upload.

Restic repository is the place where your backups will be saved. The restic repository can be stored locally, or on some remote server or service. In this article, we show how to set up restic to back up your data to a remote S3-compatible object storage (e.g. on ScienceCloud).

To access the repository, a password must be specified. Losing your password means that your data is irrecoverably lost.

Installation¶

Follow the instructions below to install restic on your operating system.

📘 Official documentation: Restic Installation Guide.

macOS

Install restic using Homebrew:

brew install restic

Linux (Debian/Ubuntu)

Install restic using apt:

sudo apt install restic

Backup¶

To initialize the backup repository and perform the backup, save the script below (e.g., as restic-setup.sh).

Configure S3-compatible credentials and Restic password¶

Before running the script, configure the following environment variables which are required by restic:

export AWS_ACCESS_KEY_ID=your-S3-access-key
export AWS_SECRET_ACCESS_KEY=your-S3-secret-key
export RESTIC_PASSWORD=your-restic-password-to-repository

• AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are your S3 credentials (access key and secret key) which are required to authenticate access to your S3 bucket.

  Tip

  ScienceCloud users can generate S3-compatible credentials using OpenStack command.

  Other users can refer to guidance in S3-compatible Storage section of official Restic documentation.

• RESTIC_PASSWORD is a user-defined password used to encrypt and access the restic repository. Make sure to create and remember this password yourself — restic will not generate it for you.

Set repository and backup directory¶

In the script, you'll also need to define the following variables:

• RESTIC_REPOSITORY is the URL of the S3-compatible storage service where you back up your data. Create an S3 bucket prior to running the script. The format is: s3:https://server:port/bucket-name.

  Tip

  ScienceCloud users can create an S3 bucket either through the web interface or via the command line. S3 buckets on ScienceCloud are hosted at s3:https://rgw.science-it.uzh.ch/bucket-name.

• BACKUP_FOLDER is the directory that you want to back up. In the script below, it is set to $HOME/code directory on your local machine.

Run the script¶

The backup script initializes the restic repository (if not already initialized) and backs up the specified folder.

#!/bin/bash
set -euo pipefail

export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-}"
export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-}"
export RESTIC_PASSWORD="${RESTIC_PASSWORD:-}"

## need to create bucket first, see s3 user docs
export RESTIC_REPOSITORY="s3:https://rgw.science-it.uzh.ch/bucket-name"

BACKUP_FOLDER="$HOME/code"

if [[ -z "$AWS_ACCESS_KEY_ID" || -z "$AWS_SECRET_ACCESS_KEY" || -z "$RESTIC_PASSWORD" ]]; then
    echo "Missing credentials. Set env vars or use a .env file." >&2
    exit 1
fi

if ! restic snapshots >/dev/null 2>&1; then
    echo "Initializing restic repository..."
    restic init
else
    echo "Repository already initialized."
fi

restic backup "$BACKUP_FOLDER"

## (optionaL) prune old snapshots
#restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6

Manage repository¶

For more options and advanced usage when working with repositories, refer to the comprehensive official guide:

• Working with repositories
• Restoring from backup