# Restic — Fast & Secure Encrypted Backup Program > Restic is a modern backup program with encryption, deduplication, and support for 20+ storage backends. Single binary, fast incremental backups, and easy restores. ## Install Save as a script file and run: ## Quick Use ```bash # Install brew install restic # macOS apt install restic # Debian/Ubuntu # Initialize repository restic -r /path/to/backup init # Create backup restic -r /path/to/backup backup ~/Documents # List snapshots restic -r /path/to/backup snapshots # Restore restic -r /path/to/backup restore latest --target /tmp/restore ``` ## Intro **Restic** is a fast, secure, and efficient backup program written in Go. It encrypts all data with AES-256 before storing it, deduplicates at the chunk level, and supports 20+ storage backends including local disks, SFTP, S3, Backblaze B2, Google Cloud, and Azure Blob Storage. With 33K+ GitHub stars and BSD-2-Clause license, Restic is the most popular command-line backup tool, valued for its simplicity, speed, and cryptographic design that ensures backups are secure even on untrusted storage. ## What Restic Does - **Encrypted**: AES-256 encryption — backups are secure even on untrusted storage - **Deduplicated**: Content-defined chunking means only changed data is stored - **Fast**: Parallel processing for backup and restore operations - **Verifiable**: Cryptographic integrity verification of all backed-up data - **Incremental**: After initial backup, only changes are transmitted - **Snapshots**: Each backup creates a snapshot that can be individually browsed and restored - **Cross-Platform**: Single binary for Linux, macOS, Windows, FreeBSD - **Multiple Backends**: Local, SFTP, S3, B2, GCS, Azure, MinIO, Rclone, REST server ## Architecture ``` Source Files → Content-defined chunking (CDC) → Deduplicate (skip known chunks) → Compress (zstd, since v0.14) → Encrypt (AES-256-CTR + Poly1305) → Upload to repository backend Repository Layout: ├── config — encrypted repo config ├── data/ — encrypted data blobs ├── index/ — chunk index files ├── keys/ — master key (encrypted with password) ├── locks/ — exclusive lock files └── snapshots/ — snapshot metadata ``` ## Storage Backends ```bash # Local directory restic -r /mnt/backup init # SFTP restic -r sftp:user@host:/backup init # Amazon S3 restic -r s3:s3.amazonaws.com/my-bucket init # Backblaze B2 restic -r b2:my-bucket:path init # Google Cloud Storage restic -r gs:my-bucket:/ init # Azure Blob restic -r azure:my-container:/ init # MinIO (S3-compatible) restic -r s3:http://minio:9000/backup init # Rclone (any rclone backend) restic -r rclone:remote:path init # REST server (restic's own server) restic -r rest:http://host:8000/ init ``` ## Common Workflows ### Daily Backup Script ```bash #!/bin/bash export RESTIC_REPOSITORY="s3:s3.amazonaws.com/my-backups" export RESTIC_PASSWORD_FILE="/etc/restic/password" export AWS_ACCESS_KEY_ID="your-key" export AWS_SECRET_ACCESS_KEY="your-secret" # Backup restic backup /home /etc /var/lib/postgresql --exclude="*.tmp" --exclude=".cache" --exclude="node_modules" --tag daily # Prune old snapshots restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --keep-yearly 3 --prune # Verify integrity restic check # Notify echo "Backup completed: $(restic snapshots --latest 1 --json | jq -r '.[0].short_id')" ``` ### Browse & Restore ```bash # List all snapshots restic snapshots # Browse snapshot contents restic ls latest # Restore entire snapshot restic restore latest --target /tmp/restore # Restore specific files restic restore latest --target /tmp/restore --include "/home/user/documents" # Mount snapshot as filesystem (read-only) restic mount /mnt/restic-mount & ls /mnt/restic-mount/snapshots/latest/ ``` ### Retention Policies ```bash restic forget --keep-last 5 # Keep 5 most recent --keep-daily 7 # Keep 1 per day for 7 days --keep-weekly 4 # Keep 1 per week for 4 weeks --keep-monthly 12 # Keep 1 per month for 12 months --keep-yearly 5 # Keep 1 per year for 5 years --prune # Actually delete unreferenced data ``` ## Performance ``` Initial backup of 100GB: → ~30 minutes (depends on disk/network speed) Incremental backup (2GB changed): → ~2 minutes (only new/changed chunks) Deduplication ratio (typical): → 10 daily backups of 100GB ≈ 110GB stored (not 1TB) ``` ## Restic vs Alternatives | Feature | Restic | BorgBackup | Duplicati | Rclone | |---------|--------|------------|-----------|--------| | Language | Go | Python/C | C# | Go | | Encryption | AES-256 (always) | AES-256 | AES-256 | Crypt | | Deduplication | CDC chunks | CDC chunks | Block-level | None | | Compression | zstd (v0.14+) | lz4/zstd | Zip/7z | None | | Backends | 20+ | Local/SSH | 20+ (GUI) | 40+ | | GUI | No (CLI) | No (CLI) | Web UI | Web UI | | Platform | All | Linux/macOS | All | All | | Mount snapshots | Yes (FUSE) | Yes (FUSE) | No | Yes | ## 常见问题 **Q: Restic 和 BorgBackup 怎么选?** A: 两者都是优秀的去重备份工具。Restic 优势:Go 单二进制、原生支持 20+ 云存储后端、跨平台。Borg 优势:压缩更成熟(zstd 更早支持)、性能略高。如果需要备份到云端,选 Restic。如果只备份到本地/SSH,两者皆可。 **Q: 密码丢失怎么办?** A: 无法恢复。Restic 使用密码派生加密密钥,没有"忘记密码"功能。建议将密码存储在密码管理器中(如 Vaultwarden),并在安全位置保留纸质备份。 **Q: 可以自动化执行吗?** A: 是的。使用 cron 定时执行备份脚本。密码通过 `RESTIC_PASSWORD_FILE` 环境变量提供。也可以使用 resticprofile 工具简化配置管理。 ## 来源与致谢 - GitHub: [restic/restic](https://github.com/restic/restic) — 33K+ ⭐ | BSD-2-Clause - 官网: [restic.net](https://restic.net) --- Source: https://tokrepo.com/en/workflows/a1edbdb2-34d0-11f1-9bc6-00163e2b0d79 Author: Script Depot