A Short Borg Tutorial

Borg is the new generation of attic.

borg init --encryption=keyfile /path/to/repo
borg create -C lz4 /path/to/repo::NAME-YOUR-BACKUP ~/Documents

Free space

Before you start creating backups, please make sure that there is always a good amount of free space on the filesystem that has your backup repository (and also on ~/.cache).


Default enabled with repokey method.

borg init --encryption=none|repokey|keyfile PATH

When repository encryption is enabled, all data is encrypted using 256-bit AES encryption and the integrity and authenticity is verified using HMAC-SHA256.

In both modes, the key is stored in encrypted form and can be only decrypted by providing the correct passphrase.

Do not forget to backup the key (e.g. via borg key export).

For automated backups the passphrase can be specified using the BORG_PASSPHRASE environment variable.

Be careful how you set the environment; using the env command, a system() call or using inline shell scripts might expose the credentials in the process list directly and they will be readable to all users on a system. Using export in a shell script file should be safe, however, as the environment of a process is accessible only to that user. Also, using a shell command may leak the passphrase in shell history file.

For server backup, have a look at borgmatic.


borg create --compression lz4

I prefer lz4 since it is very fast. If the repository is on a remote host with slow (dial-up) connection, I recommend lzma instead. The default option is no compression.

Upgrade from attic

borg upgrade --inplace REPOSITORY

If a backup copy is required, omit the --inplace option.

Hosted Services