| DUPLICITY(1) | User Manuals | DUPLICITY(1) |
duplicity - Encrypted incremental backup to local or remote storage.
For detailed descriptions for each action see chapter ACTIONS.
duplicity [backup|full|incremental] [options] source_directory target_url
duplicity verify [options] [--compare-data] [--path-to-restore <relpath>] [--time time] source_url target_directory
duplicity collection-status [options] [--file-changed <relpath>] [--show-changes-in-set <index>] [--jsonstat]] target_url
duplicity list-current-files [options] [--time time] target_url
duplicity [restore] [options] [--path-to-restore <relpath>] [--time time] source_url target_directory
duplicity remove-older-than <time> [options] [--force] target_url
duplicity remove-all-but-n-full <count> [options] [--force] target_url
duplicity remove-all-inc-of-but-n-full <count> [options] [--force] target_url
duplicity cleanup [options] [--force] target_url
Duplicity incrementally backs up files and folders into tar-format volumes encrypted with GnuPG and places them to a remote (or local) storage backend. See chapter URL FORMAT for a list of all supported backends and how to address them. Because duplicity uses librsync, incremental backups are space efficient and only record the parts of files that have changed since the last backup. Currently duplicity supports deleted files, full Unix permissions, uid/gid, directories, symbolic links, fifos, etc., but not hard links.
If you are backing up the root directory /, remember to --exclude /proc, or else duplicity will probably crash on the weird stuff in there.
Here is an example of a backup, using sftp to back up /home/me to some_dir on the other.host machine:
If the above is run repeatedly, the first will be a full backup, and subsequent ones will be incremental. To force a full backup, use the full action:
or enforcing a full every other time via --full-if-older-than <time> , e.g. a full every month:
Now suppose we accidentally delete /home/me and want to restore it the way it was at the time of last backup:
Duplicity enters restore mode because the URL comes before the local directory. If we wanted to restore just the file "Mail/article" in /home/me as it was three days ago into /home/me/restored_file:
The following action compares the latest backup with the current files:
Finally, duplicity recognizes several include/exclude options. For instance, the following will backup the root directory, but exclude /mnt, /tmp, and /proc:
Note that in this case the destination is the local directory /usr/local/backup. The following will backup only the /home and /etc directories under root:
Duplicity can also access a repository via ftp. If a user name is given, the environment variable FTP_PASSWORD is read to determine the password:
Duplicity uses actions, which can be given in long or in short
form and finetuned with options.
The actions 'backup' or 'restore' can be implied from the order local path and
remote url are given. Other actions need to be given explicitly. For the
rare case that the local path may be a valid duplicity action name you may
append a '/' to the local path name so it can no longer be mistaken for an
action.
NOTE: The following explanations explain some but not all options that can be used in connection with that action. Consult the OPTIONS section for more detailed descriptions.
When backing up or restoring, this option specifies that the local archive directory is to be created in path. If the archive directory is not specified, the default will be to create the archive directory in ~/.cache/duplicity/.
The archive directory can be shared between backups to multiple targets, because a subdirectory of the archive dir is used for individual backups (see --name ).
The combination of archive directory and backup name must be unique in order to separate the data of different backups.
The interaction between the --archive-dir and the --name options allows for four possible combinations for the location of the archive dir:
Files must be specified one per line and relative to the backup source directory. Any absolute paths will raise an error. All characters per line are significant and treated as part of the path, including leading and trailing whitespace. Lines are separated by newlines or nulls, depending on whether the --null-separator switch was given.
It is not necessary to include the parent directory of listed files, their inclusion is implied. However, the content of any explicitly listed directories is not implied. All required files must be listed when this option is used.
See also A NOTE ON FILENAME PREFIXES
See the FILE SELECTION section for more information.
Please note that while ignored errors will be logged, there will be no summary at the end of the operation to tell you what was ignored, if anything. If this is used for emergency restoration of data, it is recommended that you run the backup in such a way that you can revisit the backup log (look for lines containing the string IGNORED_ERROR).
If you ever have to use this option for reasons that are not understood or understood but not your own responsibility, please contact duplicity maintainers. The need to use this option under production circumstances would normally be considered a bug.
If you specify a larger max_blocksize, your difftar files will be larger, but your sigtar files will be smaller. If you specify a smaller max_blocksize, the reverse occurs. The --max-blocksize option should be in multiples of 512.
If not specified, the default value is a hash of the backend URL.
duplicity restore --rename Documents/metal Music/metal sftp://uid@other.host/some_dir /home/me
duplicity --rsync-options="--partial-dir=.rsync-partial" /home/me rsync://uid@other.host/some_dir
NOTE: This value should optimally be an even multiple of your --volsize for optimal performance.
See also A NOTE ON AMAZON S3 below.
NOTE: Too many concurrent uploads may have diminishing returns.
See also A NOTE ON AMAZON S3 below.
With this option set, anyone between your computer and S3 can observe the traffic and will be able to tell: that you are using Duplicity, the name of the bucket, your AWS Access Key ID, the increment dates and the amount of data in each increment.
This option affects only the connection, not the GPG encryption of the backup increment files. Unless that is disabled, an observer will not be able to see the file names or contents.
See also A NOTE ON AMAZON S3 below.
NOTE: Duplicity will store the manifest.gpg and sigtar.gpg files from full and incremental backups on AWS S3 standard storage to allow quick retrieval for later incremental backups, all other data is stored in S3 Glacier Deep Archive.
NOTE: Duplicity will store the manifest.gpg and sigtar.gpg files from full and incremental backups on AWS S3 standard storage to allow quick retrieval for later incremental backups, all other data is stored in S3 Glacier.
NOTE: Duplicity will store the manifest.gpg and sigtar.gpg files from full and incremental backups on AWS S3 standard storage to allow quick retrieval for later incremental backups, all other data is stored in S3 Glacier.
example of a list:
duplicity --ssh-options="-oProtocol=2
-oIdentityFile='/my/backup/id'" /home/me scp://user@host/some_dir
example with multiple parameters:
duplicity --ssh-options="-oProtocol=2"
--ssh-options="-oIdentityFile='/my/backup/id'" /home/me
scp://user@host/some_dir
NOTE: The ssh paramiko backend currently supports only the -i or -oIdentityFile or -oUserKnownHostsFile or -oGlobalKnownHostsFile settings. If needed provide more host specific options via ssh_config file.
See also A NOTE ON SSL CERTIFICATE VERIFICATION.
See also A NOTE ON SSL CERTIFICATE VERIFICATION.
See also A NOTE ON SSL CERTIFICATE VERIFICATION.
See also A NOTE ON SWIFT (OPENSTACK OBJECT STORAGE) ACCESS.
Use 'partial' to avoid syncing metadata for backup chains that you are not going to use. This saves time when restoring for the first time, and lets you restore an old backup that was encrypted with a different passphrase by supplying only the target passphrase.
Use 'full' to sync metadata for all backup chains on the remote.
See also ENVIRONMENT VARIABLES.
See section TIME FORMATS for details.
NOTE: This option only applies to recovery and status style actions. We no longer create or write filenames with time separators, but will read older backups that may need this option.
NOTE: Contrary to previous versions of duplicity, this option will also be honored by GnuPG 2 and newer versions. If GnuPG 2 is in use, duplicity passes the option --pinentry-mode=loopback to the the gpg process unless --use-agent is specified on the duplicity command line. This has the effect that GnuPG 2 uses the agent only if --use-agent is given, just like GnuPG 1.
The options -v4, -vn and -vnotice are functionally equivalent, as are the mixed/upper-case versions -vN, -vNotice and -vNOTICE.
For example to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.
You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.
Other environment variables may be used to configure specific backends. See the notes for the particular backend.
Duplicity uses the URL format (as standard as possible) to define
data locations. Major difference is that the whole host section is optional
for some backends.
NOTE: If path starts with an extra '/' it usually denotes an absolute
path on the backend.
The generic format for a URL is:
or
It is not recommended to expose the password on the command line since it could be revealed to anyone with permissions to do process listings, it is permitted however. Consider setting the environment variable FTP_PASSWORD instead, which is used by most, if not all backends, regardless of it's name.
In protocols that support it, the path may be preceded by a single slash, '/path', to represent a relative path to the target home directory, or preceded by a double slash, '//path', to represent an absolute filesystem path.
NOTE: Scheme (protocol) access may be provided by more than one backend. In case the default backend is buggy or simply not working in a specific case it might be worth trying an alternative implementation. Alternative backends can be selected by prefixing the scheme with the name of the alternative backend e.g. ncftp+ftp:// and are mentioned below the scheme's syntax summary.
Formats of each of the URL schemes follow:
See also A NOTE ON AMAZON DRIVE
See also A NOTE ON AZURE ACCESS
See also A NOTE ON BOX ACCESS
See also A NOTE ON CLOUD FILES ACCESS
Make sure to read A NOTE ON DROPBOX ACCESS first!
NOTE: use lftp+, ncftp+ prefixes to enforce a specific backend, default is lftp+ftp://...
See A NOTE ON GOOGLE CLOUD STORAGE about needed endpoint option and env vars for authentication.
NOTE: use pydrive+, gdata+ prefixes to enforce a specific backend, default is pydrive+gdocs://...
See also A NOTE ON GDRIVE BACKEND below.
See also A NOTE ON HUBIC
See also A NOTE ON IMAP
See also A NOTE ON MEDIAFIRE BACKEND below.
NOTE: if not given in the URL, relies on password being stored within $HOME/.megarc (as used by the "megatools" utilities)
NOTE: despite "MEGAcmd" no longer uses a
configuration file, for convenience storing the user password this backend
searches it in the $HOME/.megav2rc file (same syntax as the old
$HOME/.megarc)
[Login]
Username = MEGA_USERNAME
Password = MEGA_PASSWORD
See also A NOTE ON MULTI BACKEND below.
See also A NOTE ON PAR2 WRAPPER BACKEND
See also A NOTE ON PCA ACCESS
See also A NOTE ON PYDRIVE BACKEND below.
See also A NOTE ON RCLONE BACKEND
See also A NOTE ON AMAZON S3 below.
defaults are paramiko+scp:// and paramiko+sftp://
alternatively try pexpect+scp://, pexpect+sftp://, lftp+sftp://
See also --ssh-askpass, --ssh-options and A NOTE ON SSH
BACKENDS.
See also A NOTE ON SLATE BACKEND
See also A NOTE ON SWIFT (OPENSTACK OBJECT STORAGE) ACCESS
alternatively try lftp+webdav[s]://
See also A NOTE ON THE XORRISO BACKEND
duplicity uses time strings in two places. Firstly, many of the files duplicity creates will have the time in their filenames in the w3 datetime format as described in a w3 note at http://www.w3.org/TR/NOTE-datetime. Basically they look like "2001-07-15T04:09:38-07:00", which means what it looks like. The "-07:00" section means the time zone is 7 hours behind UTC.
Secondly, the -t, --time, and --restore-time options take a time string, which can be given in any of several formats:
When duplicity is run, it searches through the given source directory and backs up all the files specified by the file selection system, unless --files-from has been specified in which case the passed list of individual files is used instead.
The file selection system comprises a number of file selection conditions, which are set using one of the following command line options:
For each individual file found in the source directory, the file selection conditions are checked in the order they are specified on the command line. Should a selection condition match, the file will be included or excluded accordingly and the file selection system will proceed to the next file without checking the remaining conditions.
Earlier arguments therefore take precedence where multiple conditions match any given file, and are thus usually given in order of decreasing specificity. If no selection conditions match a given file, then the file is implicitly included.
For example,
is exactly the same as
because the --include directive matches all files in the backup source directory, and takes precedence over the contradicting --exclude option as it comes first.
As a more meaningful example,
would backup the /usr/local/bin directory (and its contents), but not /usr/local/doc. Note that this is not the same as simply specifying /usr/local/bin as the backup source, as other files and folders under /usr will also be (implicitly) included.
The order of the --include and --exclude arguments is important. In the previous example, if the less specific --exclude directive had precedence it would prevent the more specific --include from matching any files.
The patterns passed to the --include, --exclude, --include-filelist, and --exclude-filelist options are interpretted as extended shell globbing patterns by default. This behaviour can be changed with the following filter mode arguments:
These arguments change the interpretation of the patterns used in selection conditions, affecting all subsequent file selection options passed on the command line. They may be specified multiple times in order to switch pattern interpretations as needed.
Literal strings differ from globs in that the pattern must match the filename exactly. This can be useful where filenames contain characters which have special meaning in shell globs or regular expressions. If passing dynamically generated file lists to duplicity using the --include-filelist or --exclude-filelist options, then the use of --filter-literal is recommended unless regular expression or globbing is specifically required.
The regular expression language used for selection conditions specified with --include-regexp , --exclude-regexp , or when --filter-regexp is in effect is as implemented by the Python standard library.
Extended shell globbing pattenrs may contain: *, **, ?, and [...] (character ranges). As in a normal shell, * can be expanded to any string of characters not containing "/", ? expands to any single character except "/", and [...] expands to a single character of those characters specified (ranges are acceptable). The pattern ** expands to any string of characters whether or not it contains "/".
In addition to the above filter mode arguments, the following can be used in the same fashion to enable (default) or disable case sensitivity in the evaluation of file sslection conditions:
An example of filter mode switching including case insensitivity is
which would backup *.py, *.pY, *.Py, and *.PY files under /usr/bin and also the single literally specified file with globbing characters in the name. The use of --filter-strictcase is not technically necessary here, but is included as an example which may (depending on the backup source path) cause unexpected interactions between --include and --exclude options, should the directory portion of the path (/usr/bin) contain any uppercase characters.
If the pattern starts with "ignorecase:" (case insensitive), then this prefix will be removed and any character in the string can be replaced with an upper- or lowercase version of itself. This prefix is a legacy feature supported for shell globbing selection conditions only, but for backward compatability reasons is otherwise considered part of the pattern itself (use --filter-ignorecase instead).
Remember that you may need to quote patterns when typing them into a shell, so the shell does not interpret the globbing patterns or whitespace characters before duplicity sees them.
Selection patterns should generally be thought of as filesystem paths rather than arbitrary strings. For selection conditions using extended shell globbing patterns, the --exclude pattern option matches a file if:
1. pattern can be expanded into the file's filename,
or
2. the file is inside a directory matched by the option.
Conversely, the --include pattern option matches a file if:
1. pattern can be expanded into the file's filename,
or
2. the file is inside a directory matched by the option, or
3. the file is a directory which contains a file matched by the
option.
For example,
matches e.g. /usr/local, /usr/local/lib, and /usr/local/lib/netscape. It is the same as --exclude /usr/local --exclude '/usr/local/**'.
On the other hand
specifies that /usr, /usr/local, /usr/local/lib, and /usr/local/lib/netscape (but not /usr/doc) all be backed up. Thus you don't have to worry about including parent directories to make sure that included subdirectories have somewhere to go.
Finally,
would match a file like /usR/5fOO/hello/there/world.py. If it did match anything, it would also match /usr. If there is no existing file that the given pattern can be expanded into, the option will not match /usr alone.
This treatment of patterns in globbing and literal selection conditions as filesystem paths reduces the number of explicit conditions required. However, it does require that the paths described by all variants of the --include or --include option are fully specified relative to the backup source directory.
For selection conditions using literal strings, the same logic applies except that scenario 1 is for an exact match of the pattern.
For selection conditions using regular expressions the pattern is evaluated as a regular expression rather than a filesystem path. Scenario 3 in the above therefore does not apply, the implications of which are discussed at the end of this section.
The --include-filelist, and --exclude-filelist, options also introduce file selection conditions. They direct duplicity to read in a text file (either ASCII or UTF-8), each line of which is a file specification, and to include or exclude the matching files. Lines are separated by newlines or nulls, depending on whether the --null-separator switch was given.
Each line in the filelist will be interpreted as a selection pattern in the same way --include and --exclude options are interpreted, except that lines starting with "+ " are interpreted as include directives, even if found in a filelist referenced by --exclude-filelist. Similarly, lines starting with "- " exclude files even if they are found within an include filelist.
For example, if file "list.txt" contains the lines:
then --include-filelist list.txt would include /usr, /usr/local, and /usr/local/bin. It would exclude /usr/local/doc, /usr/local/doc/python, etc. It would also include /usr/local/man, as this is included within /usr/local. Finally, it is undefined what happens with /var. A single file list should not contain conflicting file specifications.
Each line in the filelist will be interpreted as per the current filter mode in the same way --include and --exclude options are interpreted. For instance, if the file "list.txt" contains the lines:
Then --include-filelist list.txt would be exactly the same as specifying --include dir/foo --include dir/bar --exclude ** on the command line.
Note that specifying very large numbers numbers of selection rules as filelists can incur a substantial performance penalty as these rules will (potentially) be checked for every file in the backup source directory. If you need to backup arbitrary lists of specific files (i.e. not described by regexp patterns or shell globs) then --files-from is likely to be more performant.
Finally, the --include-regexp and --exclude-regexp options allow files to be included and excluded if their filenames match a regular expression. Regular expression syntax is too complicated to explain here, but is covered in Python's library reference. Unlike the --include and --exclude options, the regular expression options don't match files containing or contained in matched files. So for instance
Backing up to Amazon S3 utilizes the boto3 library.
The boto3 backend does not support bucket creation. This deliberate choice simplifies the code, and side steps problems related to region selection. Additionally, it is probably not a good practice to give your backup role bucket creation rights. In most cases the role used for backups should probably be limited to specific buckets.
The boto3 backend only supports newer domain style buckets. Amazon is moving to deprecate the older bucket style, so migration is recommended.
The boto3 backend does not currently support initiating restores from the glacier storage class. When restoring a backup from glacier or glacier deep archive, the backup files must first be restored out of band. There are multiple options when restoring backups from cold storage, which vary in both cost and speed. See Amazon's documentation for details.
The following environment variables are required for
authentication:
boto3 backend example backup command line:
you may add --s3-endpoint-url (to access non Amazon S3 services or regional endpoints) and may need --s3-region-name (for buckets created in specific regions) and other --s3-... options documented above.
The Azure backend requires the Microsoft Azure Storage Blobs client library for Python to be installed on the system. See REQUIREMENTS.
It uses the environment variable AZURE_CONNECTION_STRING (required). This string contains all necessary information such as Storage Account name and the key for authentication. You can find it under Access Keys for the storage account.
Duplicity will take care to create the container when performing the backup. Do not create it manually before.
A container name (as given as the backup url) must be a valid DNS name, conforming to the following naming rules:
These rules come from Azure; see https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata
The box backend requires boxsdk with jwt support to be installed on the system. See REQUIREMENTS.
It uses the environment variable BOX_CONFIG_PATH (optional). This string contains the path to box custom app's config.json. Either this environment variable or the config query parameter in the url need to be specified, if both are specified, query parameter takes precedence.
In order to use box backend, user need to create a box custom app in the box developer console (https://app.box.com/developers/console).
After create a new custom app, please make sure it is configured as follow:
The user also need to grant the created custom app permission in the admin console (https://app.box.com/master/custom-apps) by clicking the "+" button and enter the client_id which can be found on the custom app's configuration page.
Pyrax is Rackspace's next-generation Cloud management API, including Cloud Files access. The cfpyrax backend requires the pyrax library to be installed on the system. See REQUIREMENTS.
Cloudfiles is Rackspace's now deprecated implementation of OpenStack Object Storage protocol. Users wishing to use Duplicity with Rackspace Cloud Files should migrate to the new Pyrax plugin to ensure support.
The backend requires python-cloudfiles to be installed on the system. See REQUIREMENTS.
It uses three environment variables for authentication: CLOUDFILES_USERNAME (required), CLOUDFILES_APIKEY (required), CLOUDFILES_AUTHURL (optional)
If CLOUDFILES_AUTHURL is unspecified it will default to the value provided by python-cloudfiles, which points to rackspace, hence this value must be set in order to use other cloud files providers.
Filename prefixes can be used in multi backend with mirror mode to define affinity rules. They can also be used in conjunction with S3 lifecycle rules to transition archive files to Glacier, while keeping metadata (signature and manifest files) on S3.
Duplicity does not require access to archive files except when restoring from backup.
Duplicity access to GCS currently relies on it's Interoperability API (basically S3 for GCS). This needs to actively be enabled before access is possible. For details read the next section Preparations below.
Once set up you can use the generated Interoperable Storage Access key and secret and pass them to duplicity as described in the next section.
The following examples show accessing GCS via S3 for a collection-status action. The shown env vars, options and url format can be applied for all other actions as well of course.
using boto3 supplying the --s3-endpoint-url manually.
GDrive: is a rewritten PyDrive: backend with less dependencies, and a simpler setup - it uses the JSON keys downloaded directly from Google Cloud Console.
Note Google has 2 drive methods, `Shared(previously Team) Drives` and `My Drive`, both can be shared but require different addressing
For a Google Shared Drives folder
Share Drive ID specified as a query parameter, driveID, in the
backend URL. Example:
gdrive://developer.gserviceaccount.com/target-folder/?driveID=<SHARED
DRIVE ID>
For a Google My Drive based shared folder
MyDrive folder ID specified as a query parameter, myDriveFolderID,
in the backend URL Example
export
GOOGLE_SERVICE_ACCOUNT_URL=<serviceaccount-name>@<serviceaccount-name>.iam.gserviceaccount.com
gdrive://${GOOGLE_SERVICE_ACCOUNT_URL}/<target-folder-name-in-myDriveFolder>?myDriveFolderID=root
There are also two ways to authenticate to use GDrive: with a regular account or with a "service account". With a service account, a separate account is created, that is only accessible with Google APIs and not a web login. With a regular account, you can store backups in your normal Google Drive.
To use a service account, go to the Google developers console at https://console.developers.google.com. Create a project, and make sure Drive API is enabled for the project. In the "Credentials" section, click "Create credentials", then select Service Account with JSON key.
The GOOGLE_SERVICE_JSON_FILE environment variable needs to contain the path to the JSON file on duplicity invocation.
export GOOGLE_SERVICE_JSON_FILE=<path-to-serviceaccount-credentials.json>
The alternative is to use a regular account. To do this, start as above, but when creating a new Client ID, select "Create OAuth client ID", with application type of "Desktop app". Download the client_secret.json file for the new client, and set the GOOGLE_CLIENT_SECRET_JSON_FILE environment variable to the path to this file, and GOOGLE_CREDENTIALS_FILE to a path to a file where duplicity will keep the authentication token - this location must be writable.
NOTE: As a sanity check, GDrive checks the host and username from the URL against the JSON key, and refuses to proceed if the addresses do not match. Either the email (for the service accounts) or Client ID (for regular OAuth accounts) must be present in the URL. See URL FORMAT above.
During the first run, you will be prompted to visit an URL in your browser to grant access to your Google Drive. A temporary HTTP-service will be started on a local network interface for this purpose (by default on http://localhost:8080/). Ip-address/host and port can be adjusted if need be by providing the environment variables GOOGLE_OAUTH_LOCAL_SERVER_HOST, GOOGLE_OAUTH_LOCAL_SERVER_PORT respectively.
If you are running duplicity in a remote location, you will need to make sure that you will be able to access the above HTTP-service with a browser utilizing e.g. port forwarding or temporary firewall permission.
The access credentials will be saved in the JSON file mentioned above for future use after a successful authorization.
The hubic backend requires the pyrax library to be installed on the system. See REQUIREMENTS. You will need to set your credentials for hubiC in a file called ~/.hubic_credentials, following this pattern:
An IMAP account can be used as a target for the upload. The userid may be specified and the password will be requested.
The from_address_prefix may be specified (and probably should be). The text will be used as the "From" address in the IMAP server. Then on a restore (or list) action the from_address_prefix will distinguish between different backups.
This backend requires mediafire python library to be installed on the system. See REQUIREMENTS.
Use URL escaping for username (and password, if provided via command line):
The destination folder will be created for you if it does not exist.
The multi backend allows duplicity to combine the storage available in more than one backend store (e.g., you can store across a google drive account and a onedrive account to get effectively the combined storage available in both). The URL path specifies a JSON formatted config file containing a list of the backends it will use. The URL may also specify "query" parameters to configure overall behavior. Each element of the list must have a "url" element, and may also contain an optional "description" and an optional "env" list of environment variables used to configure that backend.
Query parameters come after the file URL in standard HTTP format for example:
multi:///path/to/config.json?mode=mirror&onfail=abort multi:///path/to/config.json?mode=stripe&onfail=continue multi:///path/to/config.json?onfail=abort&mode=stripe multi:///path/to/config.json?onfail=abort
[
{
"description": "a comment about the backend"
"url": "abackend://myuser@domain.com/backup",
"env": [
{
"name" : "MYENV",
"value" : "xyz"
},
{
"name" : "FOO",
"value" : "bar"
}
],
"prefixes": ["prefix1_", "prefix2_"]
},
{
"url": "file:///path/to/dir"
}
]
onedrive:// works with both personal and business onedrive as well as sharepoint drives. On first use you be provided with an URL to with a microsoft account. Open it in your web browser.
After authenticating, copy the redirected URL back to duplicity. Duplicity will fetch a token and store it in ~/.duplicity_onedrive_oauthtoken.json. This location can be overridden by setting the DUPLICITY_ONEDRIVE_TOKEN environment variable.
Duplicity uses a default App ID registered with Microsoft Azure AD. It will need to be approved by an administrator of your Office365 Tenant on a business account.
More information on Microsoft Apps at: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
to use a sharepoint site you need to find and provide the site's tenant and site id.
Par2 Wrapper Backend can be used in combination with all other backends to create recovery files. Just add par2+ before a regular scheme (e.g. par2+ftp://user@host/dir or par2+s3+http://bucket_name ). This will create par2 recovery files for each archive and upload them all to the wrapped backend.
Before restoring, archives will be verified. Corrupt archives will be repaired on the fly if there are enough recovery blocks available.
Use --par2-redundancy percent to adjust the size (and redundancy) of recovery files in percent.
PCA is a long-term data archival solution by OVH. It runs a slightly modified version of Openstack Swift introducing latency in the data retrieval process. It is a good pick for a multi backend configuration where receiving volumes while another backend is used to store manifests and signatures.
The backend requires python-switclient to be installed on the system. python-keystoneclient is also needed to interact with OpenStack's Keystone Identity service. See REQUIREMENTS.
It uses following environment variables for authentication: PCA_USERNAME (required), PCA_PASSWORD (required), PCA_AUTHURL (required), PCA_USERID (optional), PCA_TENANTID (optional, but either the tenant name or tenant id must be supplied) PCA_REGIONNAME (optional), PCA_TENANTNAME (optional, but either the tenant name or tenant id must be supplied)
If the user was previously authenticated, the following environment variables can be used instead: PCA_PREAUTHURL (required), PCA_PREAUTHTOKEN (required)
If PCA_AUTHVERSION is unspecified, it will default to version 2.
The pydrive backend requires Python PyDrive package to be installed on the system. See REQUIREMENTS.
There are two ways to use PyDrive: with a regular account or with a "service account". With a service account, a separate account is created, that is only accessible with Google APIs and not a web login. With a regular account, you can store backups in your normal Google Drive.
To use a service account, go to the Google developers console at https://console.developers.google.com. Create a project, and make sure Drive API is enabled for the project. Under "APIs and auth", click Create New Client ID, then select Service Account with P12 key.
Download the .p12 key file of the account and convert it to the
.pem format:
openssl pkcs12 -in XXX.p12 -nodes -nocerts > pydriveprivatekey.pem
The content of .pem file should be passed to GOOGLE_DRIVE_ACCOUNT_KEY environment variable for authentication.
The email address of the account will be used as part of URL. See URL FORMAT above.
The alternative is to use a regular account. To do this, start as above, but when creating a new Client ID, select "Installed application" of type "Other". Create a file with the following content, and pass its filename in the GOOGLE_DRIVE_SETTINGS environment variable:
client_config_backend: settings
client_config:
client_id: <Client ID from developers' console>
client_secret: <Client secret from developers' console>
save_credentials: True
save_credentials_backend: file
save_credentials_file: <filename to cache credentials>
get_refresh_token: True
In this scenario, the username and host parts of the URL play no role; only the path matters. During the first run, you will be prompted to visit an URL in your browser to grant access to your drive. Once granted, you will receive a verification code to paste back into Duplicity. The credentials are then cached in the file references above for future use.
Rclone is a powerful command line program to sync files and directories to and from various cloud storage providers.
Once you have configured an rclone remote via
and successfully set up a remote (e.g. gdrive for Google Drive), assuming you can list your remote files with
you can start your backup with
Please note the slash after the second colon. Some storage provider will work with or without slash after colon, but some other will not. Since duplicity will complain about malformed URL if a slash is not present, always put it after the colon, and the backend will handle it for you.
Note that all rclone options can be set by env vars as well. This is properly documented here
but in a nutshell you need to take the long option name, strip the leading --, change - to _, make upper case and prepend RCLONE_. for example
Three environment variables are used with the slate backend:
1. `SLATE_API_KEY` - Your slate API key
2. `SLATE_SSL_VERIFY` - either '1'(True) or '0'(False) for ssl
verification (optional - True by default)
3. `PASSPHRASE` - your gpg passhprase for encryption (optional - will
be prompted if not set or not used at all if using the `--no-encryption`
parameter)
To use the slate backend, use the following scheme:
e.g. Full backup of current directory to slate:
Here's a demo: https://gitlab.com/Shr1ftyy/duplicity/uploads/675664ef0eb431d14c8e20045e3fafb6/slate_demo.mp4
The ssh backends support sftp and scp/ssh
transport protocols. This is a known user-confusing issue as these are
fundamentally different. If you plan to access your backend via one of those
please inform yourself about the requirements for a server to support
sftp or scp/ssh access. To make it even more confusing the
user can choose between several ssh backends via a scheme prefix: paramiko+
(default), pexpect+, lftp+... .
paramiko & pexpect support --use-scp, --ssh-askpass and
--ssh-options. Only the pexpect backend allows one to define
--scp-command and --sftp-command.
SSH paramiko backend (default) is a complete reimplementation of ssh protocols natively in python. Advantages are speed and maintainability. Minor disadvantage is that extra packages are needed as listed in REQUIREMENTS. In sftp (default) mode all operations are done via the according sftp commands. In scp mode ( --use-scp ) though scp access is used for put/get operations but listing is done via ssh remote shell.
SSH pexpect backend is the legacy ssh backend using the command line ssh binaries via pexpect. Older versions used scp for get and put operations and sftp for list and delete operations. The current version uses sftp for all four supported operations, unless the --use-scp option is used to revert to old behavior.
SSH lftp backend is simply there because lftp can interact with the ssh cmd line binaries. It is meant as a last resort in case the above options fail for some reason.
The change to sftp was made in order to allow the remote system to chroot the backup, thus providing better security and because it does not suffer from shell quoting issues like scp. Scp also does not support any kind of file listing, so sftp or ssh access will always be needed in addition for this backend mode to work properly. Sftp does not have these limitations but needs an sftp service running on the backend server, which is sometimes not an option.
Certificate verification as implemented right now [02.2016] only
in the webdav and lftp backends. older pythons 2.7.8- and older lftp
binaries need a file based database of certification authority certificates
(cacert file).
Newer python 2.7.9+ and recent lftp versions however support the system
default certificates (usually in /etc/ssl/certs) and also giving an
alternative ca cert folder via --ssl-cacert-path.
The cacert file has to be a PEM formatted text file as currently provided by the CURL project. See
After creating/retrieving a valid cacert file you should copy it to either
Duplicity searches it there in the same order and will fail if it can't find it. You can however specify the option --ssl-cacert-file <file> to point duplicity to a copy in a different location.
Finally there is the --ssl-no-check-certificate option to disable certificate verification altogether, in case some ssl library is missing or verification is not wanted. Use it with care, as even with self signed servers manually providing the private ca certificate is definitely the safer option.
Swift is the OpenStack Object Storage service.
The backend requires python-switclient to be installed on the system.
python-keystoneclient is also needed to use OpenStack's Keystone Identity
service. See REQUIREMENTS.
It uses following environment variables for authentication:
If the user was previously authenticated, the following environment variables can be used instead: SWIFT_PREAUTHURL (required), SWIFT_PREAUTHTOKEN (required)
If SWIFT_AUTHVERSION is unspecified, it will default to version 1.
Signing and symmetrically encrypt at the same time with the gpg binary on the command line, as used within duplicity, is a specifically challenging issue. Tests showed that the following combinations proved working.
1. Setup gpg-agent properly. Use the option --use-agent and enter both passphrases (symmetric and sign key) in the gpg-agent's dialog.
2. Use a PASSPHRASE for symmetric encryption of your choice but the signing key has an empty passphrase.
3. The used PASSPHRASE for symmetric encryption and the passphrase of the signing key are identical.
This backend uses the xorriso tool to append backups to optical media or ISO9660 images.
Use the following environment variables for more settings:
Hard links currently unsupported (they will be treated as non-linked regular files).
Bad signatures will be treated as empty instead of logging appropriate error message.
This section describes duplicity's basic operation and the format of its data files. It should not be necessary to read this section to use duplicity.
The files used by duplicity to store backup data are tarfiles in GNU tar format. For incremental backups, new files are saved normally in the tarfile. But when a file changes, instead of storing a complete copy of the file, only a diff is stored, as generated by rdiff(1). If a file is deleted, a 0 length file is stored in the tar. It is possible to restore a duplicity archive "manually" by using tar and then cp, rdiff, and rm as necessary. These duplicity archives have the extension difftar.
Both full and incremental backup sets have the same format. In effect, a full backup set is an incremental one generated from an empty signature (see below). The files in full backup sets will start with duplicity-full while the incremental sets start with duplicity-inc. When restoring, duplicity applies patches in order, so deleting, for instance, a full backup set may make related incremental backup sets unusable.
In order to determine which files have been deleted, and to calculate diffs for changed files, duplicity needs to process information about previous sessions. It stores this information in the form of tarfiles where each entry's data contains the signature (as produced by rdiff) of the file instead of the file's contents. These signature sets have the extension sigtar.
Signature files are not required to restore a backup set, but without an up-to-date signature, duplicity cannot append an incremental backup to an existing archive.
To save bandwidth, duplicity generates full signature sets and incremental signature sets. A full signature set is generated for each full backup, and an incremental one for each incremental backup. These start with duplicity-full-signatures and duplicity-new-signatures respectively. These signatures will be stored both locally and remotely. The remote signatures will be encrypted if encryption is enabled. The local signatures will not be encrypted and stored in the archive dir (see --archive-dir ).
Duplicity requires a POSIX-like operating system with a python interpreter version 3.8+ installed. It is best used under GNU/Linux.
Some backends also require additional components (probably available as packages for your specific platform):
Most backends were contributed individually. Information about their authorship may be found in the according file's header.
Also we'd like to thank everybody posting issues to the mailing list or on launchpad, sending in patches or contributing otherwise. Duplicity wouldn't be as stable and useful if it weren't for you.
A special thanks goes to rsync.net, a Cloud Storage provider with explicit support for duplicity, for several monetary donations and for providing a special "duplicity friends" rate for their offsite backup service. Email info@rsync.net for details.
python(1), rdiff(1), rdiff-backup(1).
| March 31, 2024 | Version 2.1.4 |