Articles Storage

Borg Backups

There are many ways to backup your files, and you’re probably familiar with some of them, but in current climate of data protection, GDPR, hackers, exploits and security in general, does your backup system tick all currently required boxes?

Borg is a deduplicating archiver with compression and encryption, which means it can facilitate both full and incremental backups of your data (i.e. just parts of files that changed since the last backup), while at the same time compressing the backup to conserve space, and encrypting it to provide privacy. One of the interesting features here is because your files are encrypted “at source” the backups themselves can literally be stored anywhere as the archive can only be read with your access to your keys.

Running Borg looks something like this;

# borgmatic -c .config/borgmatic_local.d/sandbox.yaml --progress --stats
Domain snapshot backup.qcow2 created
------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
Deleted data:                    0 B                  0 B                  0 B
All archives:              241.63 GB             24.77 GB              1.92 GB
                       Unique chunks         Total chunks
Chunk index:                    1516                39503
------------------------------------------------------------------------------
Archive name: host-2020-04-17T15:12:16.471438
Archive fingerprint: (fingerprint)
Time (start): Fri, 2020-04-17 15:12:17
Time (end):   Fri, 2020-04-17 15:12:58
Duration: 40.95 seconds
Number of files: 1
Utilization of max. archive size: 0%
------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
This archive:               16.11 GB              1.89 GB              3.29 MB
All archives:              257.74 GB             26.67 GB              1.92 GB

                       Unique chunks         Total chunks
Chunk index:                    1530                42331
------------------------------------------------------------------------------
Complete..........................
Successfully pivoted

Essentially you tell it which profile to run and it does something like this;

  • Connects to Borg backup archive
  • Scans all files defined in the selected profile
  • Works out what’s changed since the last backup
  • Works out a bunch of delta’s between the last backup the current changes
  • Encrypts the data
  • Pushes the data down a compressed pipe to the backup archive

With the “you can store your secure backups anywhere” thought in mind, a few companies are now offering up Borg specific backup hosting. One of these is BorgBase. After using it for the last six months or so it’s turned out to be fairly reliable and very cost effective. You pay for storage space on a managed Borg Archive, and because only you have the keys to the archive, to Borgbase all they’re storing is unintelligible data that only ‘you’ can decrypt.

Much of the hard work is done by the Borgbase UI which is excellent and includes many useful tools like monitoring space usage, notifications of missed backups and key management. (all protected via 2FA logins)

So of you’re still using SCP with TAR or RSYNC, maybe food for thought!

About the author

Gareth Bult

Gareth is a long time Linux User and enthusiast and currently works for Mad Penguin Consulting Ltd as a Full-stack / Python developer.