Automating backups on macOS without the UI

I’ve had a great experience using Kopia and Backblaze to back up my Mac. I don’t use the Kopia UI, which makes automating the backups a little tricky, so I wrote up some notes to future me on how to set it all up, and figured I’d post them here as well in case they’re useful for anyone else.

3 Likes

Liked the post, just one thing, once you have run over a number of directories you can just “kopia snapshot create --all” and it will figure out which dirs have been snapshotted before and do them all, instead of the loop over certain dirs in your script. This depends on if you want a random one-time snap to also become backed up nightly or not of course, but I usually suggest running with --all so that you don’t accidentally backup some dir but then it is not backed up during the automated backups later because you missed editing the script.

2 Likes

That’s good to know — thanks @IcePic!

Thanks for the article.

I tried modifying it to make it work with cron rather than LaunchAgent, however the cronjob keeps failing with Enter password to open repository even though running the script without cron works fine. I guess this has something to do with cron not having access to the keyring on macos, as it requires login. I’ll have to tinker around a bit more.

I had similar issue and solution was to use security find-generic-password CLI command to retrieve password from the keychain. Here some example.

1 Like

Awesome!

If you have a handy script available for kopia, would really appreciate it. security find-generic-password command requires the login item name and I can’t figure out by what name is it stored in the keychain.

search for “repository” in keychain

yes, I tried that, but it is giving me an invalid password error.

Here’s my snippet:

password=$(security find-generic-password -w -s 'repository.config-<repo_name>' -a 'user_name' '/Users/user_name/Library/Keychains/login.keychain-db')

/usr/local/bin/kopia snapshot create --password "$password" --all

yes because

security find-generic-password -w -s “repository.config-#######”

returns:

go-keyring-base64:xxxxxxxx

You have to decode base64 encoded “xxxxxxxx” to password itself.

This is how kopia stores passwords in macOS keychain.

Ah, silly me! Thanks for the heads up, will try and report back.