# duplicity — Encrypted, Incremental Backups

> Encrypted, bandwidth-efficient backups via the rsync algorithm: GPG-encrypted incremental tar archives to local or remote storage (S3, SFTP, B2).

Source: https://www.jpkc.com/db/en/cheatsheets/backup-sync/duplicity/

<!-- PROSE:intro -->
duplicity bundles three things you rarely get together in a backup tool: incremental backups via the rsync algorithm, GPG encryption, and a wide range of backends – from a local directory through SFTP and FTP to S3, Backblaze B2 or Google Drive. That lets you back up space-efficiently and encrypted to almost any target without having to trust the storage provider. This guide walks you through the commands you reach for most – from your first full backup through restores to pruning old backup sets.
<!-- PROSE:intro:end -->

## Create Backups

`duplicity <source> <target>` — Create an incremental backup (full if first run).

```bash
duplicity /home/user file:///backup/home
```

`duplicity full <source> <target>` — Force a full backup.

```bash
duplicity full /var/www file:///backup/www
```

`duplicity incr <source> <target>` — Force an incremental backup.

```bash
duplicity incr /var/www file:///backup/www
```

`duplicity --full-if-older-than <time> <source> <target>` — Do a full backup if the last full is older than the specified time.

```bash
duplicity --full-if-older-than 30D /home/user file:///backup/home
```

`duplicity --exclude '<pattern>' <source> <target>` — Exclude files or directories matching a pattern.

```bash
duplicity --exclude '**/.cache' --exclude '**/node_modules' /home/user file:///backup/home
```

## Restore

`duplicity restore <target> <dest>` — Restore the latest backup to a directory.

```bash
duplicity restore file:///backup/home /tmp/restore
```

`duplicity restore --time <time> <target> <dest>` — Restore from a specific point in time.

```bash
duplicity restore --time 3D file:///backup/home /tmp/restore
```

`duplicity restore --file-to-restore <path> <target> <dest>` — Restore a specific file or directory.

```bash
duplicity restore --file-to-restore Documents/important.pdf file:///backup/home /tmp/important.pdf
```

`duplicity --force restore <target> <dest>` — Force restore (overwrite existing files).

```bash
duplicity --force restore file:///backup/www /var/www
```

## Remote Backends

`duplicity <source> sftp://<user>@<host>/<path>` — Backup to a remote server via SFTP.

```bash
duplicity /var/www sftp://backup@server//backup/www
```

`duplicity <source> s3://s3.<region>.amazonaws.com/<bucket>/<path>` — Backup to Amazon S3.

```bash
duplicity /home/user s3://s3.eu-west-1.amazonaws.com/my-backups/home
```

`duplicity <source> ftp://<user>@<host>/<path>` — Backup to an FTP server.

```bash
duplicity /var/www ftp://backupuser@ftp.example.com/backups/www
```

`duplicity <source> gdocs://<user>@gmail.com/<folder>` — Backup to Google Drive.

```bash
duplicity /home/user gdocs://user@gmail.com/backups/home
```

`duplicity <source> b2://<account>@<bucket>/<path>` — Backup to Backblaze B2.

```bash
duplicity /data b2://account123@my-bucket/data
```

## Encryption

`PASSPHRASE='<pass>' duplicity <source> <target>` — Encrypt with a passphrase (symmetric GPG encryption).

```bash
PASSPHRASE='mysecret' duplicity /data file:///backup/data
```

`duplicity --encrypt-key <gpg-key> <source> <target>` — Encrypt with a GPG public key.

```bash
duplicity --encrypt-key ABCD1234 /data file:///backup/data
```

`duplicity --no-encryption <source> <target>` — Disable encryption (not recommended for remote).

```bash
duplicity --no-encryption /data file:///backup/data
```

## Management & Info

`duplicity collection-status <target>` — Show backup chain status and statistics.

```bash
duplicity collection-status file:///backup/home
```

`duplicity list-current-files <target>` — List files in the latest backup.

```bash
duplicity list-current-files file:///backup/home
```

`duplicity verify <target> <source>` — Verify backup integrity against source files.

```bash
duplicity verify file:///backup/home /home/user
```

`duplicity remove-older-than <time> <target>` — Remove backups older than the specified time (permanently deletes old backup sets).

```bash
duplicity remove-older-than 90D --force file:///backup/home
```

`duplicity remove-all-but-n-full <n> <target>` — Keep only the last N full backup chains (permanently deletes older ones).

```bash
duplicity remove-all-but-n-full 3 --force file:///backup/home
```

`duplicity cleanup <target>` — Remove orphaned backup files (deletes permanently).

```bash
duplicity cleanup --force file:///backup/home
```

<!-- PROSE:outro -->
## Conclusion

duplicity is a solid choice when you need encrypted, space-efficient backups pushed to remote targets without trusting the provider. Treat your passphrase or GPG key with extra care: lose it and the backups are gone for good – and only pass `PASSPHRASE` via the environment where the process list can't be read by others. The pruning commands `remove-older-than`, `remove-all-but-n-full` and `cleanup` delete old backup sets permanently – double-check the target before every `--force`.

## Further Reading

- [duplicity – official project site](https://duplicity.us/) – downloads, news and getting started
- [duplicity manual (man page)](https://duplicity.us/docs.html) – full reference for commands, backends and options
<!-- PROSE:outro:end -->

## Related Commands

- [borgbackup](https://www.jpkc.com/db/en/cheatsheets/backup-sync/borgbackup/) – deduplicating, compressed and encrypted backups
- [rclone](https://www.jpkc.com/db/en/cheatsheets/backup-sync/rclone/) – sync files with many cloud storage providers
- [rdiff-backup](https://www.jpkc.com/db/en/cheatsheets/backup-sync/rdiff-backup/) – rsync-style incremental backups with version history