A Short Borg Tutorial
Borg is the new generation of attic.
borg init --encryption=keyfile /path/to/repo~/Documents
borg create -C lz4 /path/to/repo::NAME-YOUR-BACKUP
Before you start creating backups, please make sure that there is always a good amount of free space on the filesystem that has your backup repository (and also on ~/.cache).
Default enabled with
borg init --encryption=none|repokey|keyfile PATH
When repository encryption is enabled, all data is encrypted using 256-bit AES encryption and the integrity and authenticity is verified using HMAC-SHA256.
repokey: key is stored inside the repository (
keyfile: key is stored under
In both modes, the key is stored in encrypted form and can be only decrypted by providing the correct passphrase.
Do not forget to backup the key (e.g. via
borg key export).
For automated backups the passphrase can be specified using the BORG_PASSPHRASE environment variable.
Be careful how you set the environment;
using the env command, a
system() call or using inline shell scripts
might expose the credentials in the process list directly
and they will be readable to all users on a system.
export in a shell script file should be safe, however,
as the environment of a process is accessible only to that user.
Also, using a shell command may leak the passphrase in shell history file.
For server backup, have a look at borgmatic.
borg create --compression lz4
lz4 since it is very fast.
If the repository is on a remote host with slow (dial-up) connection,
The default option is no compression.
Upgrade from attic
borg upgrade --inplace REPOSITORY
If a backup copy is required, omit the