duplicity — Encrypted, Incremental Backups
Encrypted, bandwidth-efficient backups via the rsync algorithm: GPG-encrypted incremental tar archives to local or remote storage (S3, SFTP, B2).
duplicity bundles three things you rarely get together in a backup tool: incremental backups via the rsync algorithm, GPG encryption, and a wide range of backends – from a local directory through SFTP and FTP to S3, Backblaze B2 or Google Drive. That lets you back up space-efficiently and encrypted to almost any target without having to trust the storage provider. This guide walks you through the commands you reach for most – from your first full backup through restores to pruning old backup sets.
Create Backups
duplicity <source> <target> — Create an incremental backup (full if first run).
    duplicity /home/user file:///backup/home
duplicity full <source> <target> — Force a full backup.
    duplicity full /var/www file:///backup/www
duplicity incr <source> <target> — Force an incremental backup.
    duplicity incr /var/www file:///backup/www
duplicity --full-if-older-than <time> <source> <target> — Do a full backup if the last full is older than the specified time.
    duplicity --full-if-older-than 30D /home/user file:///backup/home
duplicity --exclude '<pattern>' <source> <target> — Exclude files or directories matching a pattern.
    duplicity --exclude '**/.cache' --exclude '**/node_modules' /home/user file:///backup/home
Restore
duplicity restore <target> <dest> — Restore the latest backup to a directory.
    duplicity restore file:///backup/home /tmp/restore
duplicity restore --time <time> <target> <dest> — Restore from a specific point in time.
    duplicity restore --time 3D file:///backup/home /tmp/restore
duplicity restore --file-to-restore <path> <target> <dest> — Restore a specific file or directory.
    duplicity restore --file-to-restore Documents/important.pdf file:///backup/home /tmp/important.pdf
duplicity --force restore <target> <dest> — Force restore (overwrite existing files).
    duplicity --force restore file:///backup/www /var/www
Remote Backends
duplicity <source> sftp://<user>@<host>/<path> — Backup to a remote server via SFTP.
    duplicity /var/www sftp://backup@server//backup/www
duplicity <source> s3://s3.<region>.amazonaws.com/<bucket>/<path> — Backup to Amazon S3.
    duplicity /home/user s3://s3.eu-west-1.amazonaws.com/my-backups/home
duplicity <source> ftp://<user>@<host>/<path> — Backup to an FTP server.
    duplicity /var/www ftp://backupuser@ftp.example.com/backups/www
duplicity <source> gdocs://<user>@gmail.com/<folder> — Backup to Google Drive.
    duplicity /home/user gdocs://user@gmail.com/backups/home
duplicity <source> b2://<account>@<bucket>/<path> — Backup to Backblaze B2.
    duplicity /data b2://account123@my-bucket/data
Encryption
PASSPHRASE='<pass>' duplicity <source> <target> — Encrypt with a passphrase (symmetric GPG encryption).
    PASSPHRASE='mysecret' duplicity /data file:///backup/data
duplicity --encrypt-key <gpg-key> <source> <target> — Encrypt with a GPG public key.
    duplicity --encrypt-key ABCD1234 /data file:///backup/data
duplicity --no-encryption <source> <target> — Disable encryption (not recommended for remote).
    duplicity --no-encryption /data file:///backup/data
Management & Info
duplicity collection-status <target> — Show backup chain status and statistics.
    duplicity collection-status file:///backup/home
duplicity list-current-files <target> — List files in the latest backup.
    duplicity list-current-files file:///backup/home
duplicity verify <target> <source> — Verify backup integrity against source files.
    duplicity verify file:///backup/home /home/user
duplicity remove-older-than <time> <target> — Remove backups older than the specified time (permanently deletes old backup sets).
    duplicity remove-older-than 90D --force file:///backup/home
duplicity remove-all-but-n-full <n> <target> — Keep only the last N full backup chains (permanently deletes older ones).
    duplicity remove-all-but-n-full 3 --force file:///backup/home
duplicity cleanup <target> — Remove orphaned backup files (deletes permanently).
    duplicity cleanup --force file:///backup/home
Conclusion
duplicity is a solid choice when you need encrypted, space-efficient backups pushed to remote targets without trusting the provider. Treat your passphrase or GPG key with extra care: lose it and the backups are gone for good – and only pass PASSPHRASE via the environment where the process list can't be read by others. The pruning commands remove-older-than, remove-all-but-n-full and cleanup delete old backup sets permanently – double-check the target before every --force.
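The cautions above, applied to one backup cycle built from this guide's commands. This is an added example, not code from the duplicity project; SRC, TARGET, KEEP, SECRET_FILE, DRY_RUN and the function names are assumptions. The passphrase is read from a file only its owner can access, and pruning runs only after backup and verify succeed.

```sh
#!/bin/sh
# Added example: one backup cycle built from this guide's commands.
# SRC, TARGET, KEEP, SECRET_FILE and DRY_RUN are assumed names and values.
SRC=${SRC:-/home/user}
TARGET=${TARGET:-file:///backup/home}
KEEP=${KEEP:-3}
SECRET_FILE=${SECRET_FILE:-$HOME/.duplicity-passphrase}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands instead of running them

# Succeeds only for a regular file with no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Run (or print) one duplicity command. PASSPHRASE is set in the environment
# of that single child process and never appears on a command line.
dup() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "duplicity $*"
    else
        PASSPHRASE=$(cat "$SECRET_FILE") duplicity "$@"
    fi
}

# Back up, verify, and prune only if both earlier steps succeeded.
backup_cycle() {
    if ! secret_file_ok "$SECRET_FILE"; then
        echo "refusing: $SECRET_FILE is missing or accessible to others" >&2
        return 2
    fi
    dup --full-if-older-than 30D --exclude '**/.cache' "$SRC" "$TARGET" || return 3
    dup verify "$TARGET" "$SRC" || return 4
    echo "pruning $TARGET, keeping $KEEP full chains" >&2
    dup remove-all-but-n-full "$KEEP" --force "$TARGET" || return 5
    dup cleanup --force "$TARGET" || return 6
}

# Real run: DRY_RUN=0 sh backup.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_cycle
fi
```

With the default DRY_RUN=1 the script only prints the four duplicity commands, so the target and retention count can be reviewed before anything is deleted.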
Further Reading
- duplicity – official project site – downloads, news and getting started
- duplicity manual (man page) – full reference for commands, backends and options
Related Commands
- borgbackup – deduplicating, compressed and encrypted backups
- rclone – sync files with many cloud storage providers
- rdiff-backup – rsync-style incremental backups with version history