Tarsnap is a cloud backup company that emphasize strong cryptography. It’s the brainchild of Dr. Colin Percival, former FreeBSD security officer. Its motto is “online backups for the truly paranoid” and Tarsnap has been in business since 2008.
Tarsnap uses an open, documented cryptographic design that securely encrypts your files. The command-line client is perfect for Linux VPSes and uses a familiar tar syntax. On the back end, backups are stored on Amazon S3 and Tarsnap uses variable-length, deduplicated blocks of data. So if you change a file, only the changes to that file are backed up, not the entire file (like rsync).
Suppose you have a directory with 100MB of files and a 5% daily change rate. If you create a Tarsnap archive every day, you will see the following:
Monday (initial): 100MB archive created (100MB uploaded, 100MB stored) Tuesday: 10MB archive created (5MB new data uploaded, 105MB total data stored) Wednesday: 10MB archive created (5MB new data uploaded, 110MB total data stored)
If you then delete your Monday backup, the Tuesday archive will be made complete by retaining whatever Monday files are needed. It’s a very flexible system.
Tarsnap is not the cheapest backup solution by any means, but it does provide robustly secure files.
First, register at tarsnap.com, deposit some funds in your account, and download the client.
The client is available as a .deb, .rpm, etc. or you can get the source code. The source installs cleanly with the usual untar/configure/make install.
Be sure to open port 9279 via TCP, which is what tarsnap communicates on.
The tarsnap configuration file is in /etc/tarsnap.conf. You probably don’t need to change anything there, but you do need to register your system.
To this, using my email and setting up on a system called server1:
root@server1:~# tarsnap-keygen --keyfile /root/tarsnap.key --user firstname.lastname@example.org --machine server1 Enter tarsnap account password:
Note that the argument to –machine is just a name for the usage reports.
Note that you need to keep your key file (/root/tarsnap.key) safe!. If you lose this, you won’t be able to access your backups.
Now that you’re setup, you can create backups. Tarsnap comes with a robust man page (‘man tarsnap’) or run tarsnap -h for a short summary.
I’ve created a directory called /data and populated it with some data. To back it up, I use tarsnap cf (create file – same syntax as tar):
root@server1:/data# tarsnap cf data.20200703 /data tarsnap: Removing leading '/' from member names Total size Compressed size All archives 102201669 102668723 (unique data) 102201669 102668723 This archive 102201669 102668723 New data 102201669 102668723
I can list archives (tars):
root@server1:/data# tarsnap --list-archives data.20200703
And use (as you might expect) tarsnap tf to list the files in an archive:
root@server1:/data# tarsnap tf data.20200703 data/ data/free stock photos/ data/Travel/ data/Travel/March Trip.pdf data/free stock photos/Dew-on-a-spiderweb-in-the-Fall.zip data/free stock photos/Lonely-Key-Island.zip data/free stock photos/Submarine-Dials-2.zip (etc.)
The next day, I add some more data and create a new archive:
root@server1:/data# tarsnap cf data.20200704 /data tarsnap: Removing leading '/' from member names Total size Compressed size All archives 257155378 250038933 (unique data) 154994247 147400577 This archive 154953709 147370210 New data 52792578 44731854
So I added a new 52,792,578 bytes. Overall, I have 250MB stored, but it compresses and dedupes down to about 147MB. You can see your total usage at any time via –print-stats:
root@server1:/data# tarsnap --print-stats Total size Compressed size All archives 257155378 250038933 (unique data) 154994247 147400577
Finally, if I want to delete an archive, I use tarsnap df:
root@server1:/data# tarsnap df data.20200703 Total size Compressed size All archives 154953709 147370210 (unique data) 154953709 147370210 This archive 102201669 102668723 Deleted data 40538 30367