Integrate Restic with Backblaze B2
    • Dark

    Integrate Restic with Backblaze B2

    • Dark

    Article summary

    Restic is an open-source backup tool that works with local storage, network-attached storage (NAS) devices, and Backblaze B2 Cloud Storage. Restic uses snapshots and block-level deduplication, along with complex indexing to allow for quick restores. All this while taking minimal storage space. You can use one Restic repository to contain the snapshots from one or multiple hosts because the host information is stored in the snapshot index.

    You can configure Restic to back up to Backblaze B2 using the S3-Compatible API.

    For more information about how to use Restic backups including options, creating schedules, and retention periods, click here.

    For a list of all of the Restic environment variables, click here.

    Enable Backblaze B2

    Before you begin: You must have a Backblaze B2 Cloud Storage account. If you already have a Backblaze account and the left navigation menu contains a B2 Cloud Storage section, your account is already enabled for Backblaze B2.

    1. Sign in to the Backblaze web console.
    2. In the user menu in the upper-right corner of the page, select My Settings.
    3. Under Enabled Products, select the checkbox to enable B2 Cloud Storage.
    4. Review the Terms and Conditions, and click OK to accept them. 

    Create a Bucket

    1. Sign in to the Backblaze web console.
    2. In the left navigation menu under B2 Cloud Storage, click Buckets.
    3. Click Create a Bucket.
    4. Enter a name for your bucket. Bucket names must be at least six characters and globally unique.
      A message is displayed if your bucket name is already in use.
    5. Select a privacy setting: Private or Public. Files that are in a private bucket require authentication to perform an action, for example, downloading. Public buckets do not require authentication so you can easily share files. You can change a bucket's privacy settings at any time.
    6. If applicable, enable a Backblaze B2 server-side encryption key.
    7. Enable Object Lock to restrict a file from being modified or deleted for a specified period of time.
    8. Click Create a Bucket, and copy the value that is in the Endpoint field; you will need this value later.
    9. Click Lifecycle Settings to control how long to keep the files in your new bucket.
    If this is your first time creating a public bucket, complete the following tasks to ensure that you have the correct permissions to create a public bucket:

    1. Verify your email address.
    2. Have a payment history on file, or use the credit card form to pay a small fee that is credited to your account balance.
    After you create your bucket, detailed information is displayed including your endpoint URL (for example, Make a note of this URL because you will use it when you define the RESTIC_REPOSITORY variable in another step.

    Create an Application Key

    Application keys control access to your Backblaze B2 Cloud Storage account and the buckets that are contained in your account.

    1. Sign in to the Backblaze web console.
    2. In the left navigation menu under B2 Cloud Storage, click Application Keys.
    3. Click Add a New Application Key, and enter an app key name.
      You cannot search an app key by this name; therefore, app key names are not required to be globally unique.
    4. Select All or a specific bucket in the Allow Access to Bucket(s) dropdown menu.
    5. Optionally, select your access type (Read and Write, Read Only, or Write Only).
    6. Optionally, select the Allow List All Bucket Names checkbox (required for the B2 Native API b2_list_buckets and the S3-Compatible API S3 List Buckets operations).
    7. Optionally, enter a file name prefix to restrict application key access only to files with that prefix. Depending on what you selected in step #4, this limits application key access to files with the specified prefix for all buckets or just the selected bucket.
    8. Optionally, enter a positive integer to limit the time, in seconds, before the application key expires. The value must be less than 1000 days (in seconds).
    9. Click Create New Key, and note the resulting keyID and applicationKey values.
    When you create a new app key, the response contains the actual key string, for example N2Zug0evLcHDlh_L0Z0AJhiGGdY. You can always find the keyID on this page, but for security, the applicationKey appears only once. Make sure you copy and securely save this value elsewhere.

    Install Restic

    You can install Restic from source code or binaries that you can download from GitHub. You can also install Restic using a local package manager on most operating systems. However, this article focuses on the Linux and Mac operating systems. Restic is available on Windows, but some features may not be available.

    Filesystem in the userspace (FUSE) is required to mount the snapshot backups, which is one of the restore options. FUSE is installed with many Linux distributions by default. If your installation does not include FUSE, you must install it to enable this restore option.

    1. Install Restic for your operating system.
      • Redhat/CentOS
        sudo yum install restic
      • Ubuntu/Debian
        sudo apt install restic
      • macOS
        brew install restic
    2. Ensure that Restic is on the latest version:
      restic self-update

    Configure Restic

    To simplify the use of Restic, Backblaze recommends that you define the Restic environment variables that you need in a file, such as /etc/restic-env. This eliminates the need to pass every parameter each time you run Restic.

    1. Save the following environment variables to a file.
      export AWS_ACCESS_KEY_ID=<B2_KEY_ID>
      export AWS_SECRET_ACCESS_KEY=<B2_ApplicationKey>
      export RESTIC_REPOSITORY=""
      export RESTIC_PASSWORD_FILE=/etc/restic-password
      The /etc/restic-password can contain one line with the password, for example, mYsEcureP@$$word.
    2. Secure the Restic files so that only root or a user who you create can see the files.
      chown root:root /etc/restic-env
      chown root:root /etc/restic-password
      chmod 700 /etc/restic-env
      chmod 700 /etc/restic-password
    3. Before you run any Restic commands, load the environment variables with the following command. You can add this command to your login profile (for example, ~.bashrc) so that the Restic variables are always defined.
      source /etc/restic-env
    4. Initialize the repository.
      source /etc/restic-env
      restic -r init
      created restic repository 1f669fd85e at
      Please note that knowledge of your password is required to access
      the repository. Losing your password means that your data is
      irrecoverably lost.

    Create a Backup

    The following example shows you how to back up the directory /etc.

    restic -r \
     backup /etc
    repository 1f669fd8 opened (version 2, compression level auto)
    no parent snapshot found, will read all files
    Files:         872 new,     0 changed,     0 unmodified
    Dirs:          257 new,     0 changed,     0 unmodified
    Added to the repository: 3.369 MiB (1.097 MiB stored)
    processed 872 files, 2.788 MiB in 0:04
    snapshot 20ee6d7b saved

    Since you defined the RESTIC_REPOSITORY variable, you do not need to add -r to your Restic commands.

    The second backup backs up only the changed files since it uses block-level deduplication. There are no changed files yet, so no files are backed up.

    restic backup /etc
    repository 1f669fd8 opened (version 2, compression level auto)
    using parent snapshot 20ee6d7b
    Files:           0 new,     0 changed,   872 unmodified
    Dirs:            0 new,     0 changed,   257 unmodified
    Added to the repository: 0 B   (0 B   stored)
    processed 872 files, 2.788 MiB in 0:02
    snapshot 17bd5648 saved

    Backing up with tags is a useful way to identify your snapshots, identify which hosts they are from, and later prune unneeded snapshots. In the following example, a Windows server message block (SMB) share is backed up on a Linux machine.

    restic --tag Windows backup /mnt/WindowsData
    repository 1f669fd8 opened (version 2, compression level auto)
    no parent snapshot found, will read all files
    Files:         388 new,     0 changed,     0 unmodified
    Dirs:           20 new,     0 changed,     0 unmodified
    Added to the repository: 38.595 GiB (36.520 GiB stored)
    processed 388 files, 42.157 GiB in 13:43
    snapshot e230caa6 saved

    List all Restic Snapshots (Backups)

    To list of all the snapshots that you have, along with their data and time stamps and optional tags, run the following command:

    restic snapshots
    repository 1f669fd8 opened (version 2, compression level auto)
    ID        Time                 Host        Tags        Paths
    20ee6d7b  2023-07-19 05:59:35  restic-s3               /etc
    17bd5648  2023-07-19 06:00:34  restic-s3               /etc
    e230caa6  2023-07-19 06:07:16  restic-s3   Windows     /mnt/WindowsData

    Restore Files

    There are two methods to restore your files.

    Restore a Snapshot to a Directory

    To restore a snapshot to a directory, supply the snapshot ID and specify the target directory. Restic restores all of the files from the backup, with their full paths, starting under that directory.

    restic restore 20ee6d7b  --target /tmp/restore
    repository 1f669fd8 opened (version 2, compression level auto)
    restoring <Snapshot 20ee6d7b of [/etc] at 2023-07-19 05:58:07.145565492 -0700 PDT by root@restic-s3> to /tmp/restore

    Mount and Browse the Snapshot

    Another method to restore files is to mount the snapshot database, browse to the backup that you want, and copy files from the mount point to any destination. 

    1. Create a mount point for the Restic snapshots.
      mkdir /mnt/restic
    2. Mount the snapshots, and browse to them.
      When you run the mount command, start another SSH or terminal session. Alternately, run the mount command in the background by appending the & sign.
      restic mount /mnt/restic &
      ls /mnt/restic
      hosts  ids  snapshots  tags
    3. To browse backups by the host from which they were backed up, the snapshot ID, the date and time stamp, or the tags, Navigate to the directory of the Windows Snapshot using the ID.
      cd /mnt/restic/ids/e230caa6
      cd mnt/WindowsData/
    4. To copy a PowerShell script (install-choco.ps1) to a TMP file, enter a copy command.
      cp install-choco.ps1 /tmp

    Check Repository Health

    Backblaze recommends that you periodically check the health of your Restic repository.

    restic check
    using temporary cache in /tmp/restic-check-cache-1883231651
    repository 1f669fd8 opened (version 2, compression level auto)
    created new cache in /tmp/restic-check-cache-1883231651
    create exclusive lock for repository
    load indexes
    check all packs
    check snapshots, trees and blobs
    [0:00] 100.00%  5 / 5 snapshots
    no errors were found

    Was this article helpful?