←back to thread

231 points fanf2 | 3 comments | | HN request time: 0s | source
1. ritcgab ◴[] No.41833529[source]
Duplicity is my go because it integrates so well with pgp signing/encryption. Other popular alternatives like borg and restic just do not have it.
replies(2): >>41833554 #>>41836377 #
2. aftbit ◴[] No.41833554[source]
I do wish there were a way to allow a machine to perform backups without also allowing to read them. I generate per-machine secret keys for restic, then encrypt those keys to a set of GPG recipients, and store them alongside the backup data. I did have to roll my own solution for this using s3cmd etc but its not too bad.
3. aborsy ◴[] No.41836377[source]
This is an important feature. A gpg key can be offline or in Yubikey.