type: service
status: active
timestamp: 2026-06-20
tags: [storage, backup, restic, oss, encryption, deduplication, primary]

restic

Encrypted, deduplicating backup CLI — weekly GH Actions cron to B2

restic

Role

The family’s backup engine. A single static-binary CLI (restic) snapshots local trees / repo dumps / Firestore exports into a content-addressed, encrypted, deduplicated repository. Pairs with Backblaze B2 as the storage backend per decisions/architecture/backup-restic-to-b2.md.

Run from a GitHub Actions schedule weekly cron — see runbooks/security/restic-backup-setup.md for the full setup.

Free tier

Card / subscription required?

NO. Pure OSS CLI. The only credentials it touches are the B2 app-key + the RESTIC_PASSWORD (the repo-encryption key), both sourced from Doppler at runtime.

How CI / cron consumes it

# .github/workflows/backup-weekly.yml (sketch — full version in runbook)
name: weekly-backup
on:
  schedule:
    - cron: '0 3 * * 0'   # Sundays 03:00 UTC
jobs:
  backup:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          curl -L https://github.com/restic/restic/releases/latest/download/restic_linux_amd64.bz2 \
            | bunzip2 > restic && chmod +x restic
      - run: ./restic backup ./data
        env:
          RESTIC_REPOSITORY: s3:s3.us-west-002.backblazeb2.com/${{ secrets.B2_BUCKET_NAME }}
          RESTIC_PASSWORD: ${{ secrets.RESTIC_PASSWORD }}
          AWS_ACCESS_KEY_ID: ${{ secrets.B2_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.B2_APPLICATION_KEY }}
      - run: ./restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune

Secrets resolve from Doppler → GitHub Secrets per security/secrets-management-doppler.md.

Alternatives

Swap cost

Low. The repository format is documented; if the family ever moves off restic, restic dump extracts every snapshot to plain files. Swapping the backend (B2 → R2 → some other S3) is a one-line RESTIC_REPOSITORY change.

Why this is our pick

Cross-refs


Edit on GitHub · Back to index