My Kludge'y Backups

Published: 2021-03-28
Tagged: linux software

If you're like me, you've collected a bucket-load of important files over the years. Passwords, private keys, tax documents, OTP tokens, leases–all the good stuff. If the drive in my laptop failed, these documents would disappear. That would make the next couple of beautiful, spring weekends suck because I would be getting these documents back.

There are many ways to avoid this risk. A few even seem trustworthy. But what's the point of spending thousands of hours learning how-2-computer if you're going to go with someone else's kludge?

So, after a few walks and showers, an idea began taking shape in my mind: a secure, reliable, and easy to use system to back up sensitive data.

Here's what I came up with:

  1. For security, put all the files in a LUKS file container and secure it with a long password.
  2. For reliability, copy the file container to multiple locations:
    1. A flash drive in my backpack.
    2. An SD card in my car.
    3. Another flash drive (on my desk - to be allocated).
    4. On a RaspberryPi 3B+ that lives in my kitchen.
    5. On a VPS a thousand miles away.
    6. On my laptop.
  3. For ease of use I... well damn, the whole "pick-2-of-3-CAP-theorem-style" thing strikes again! Here's how it goes:
    1. Update existing files or add new ones to the LUKS container on my laptop.
    2. Semi-frequently rsync the file container to the RaspberryPi and VPS.
    3. About once a month, collect the flash drives and SD card and rsync the container to them.

The need to physically collect the flash media makes this setup a little cumbersome. However, because I keep so many copies, I can always rsync at least one of them. That's fine–in case my laptop self-combusts, I will have at least one good, recent copy of the LUKS container.

The setup has one more advantage that I like very much: it's based on open source tools like cryptsetup and rsync. Because of this, I don't have to worry that a service provider will shut down or change their terms of service in a year or five.


There aren't any comments here.

Add new comment