I’ve had a great experience using Kopia and Backblaze to back up my Mac. I don’t use the Kopia UI, which makes automating the backups a little tricky, so I wrote up some notes to future me on how to set it all up, and figured I’d post them here as well in case they’re useful for anyone else.
Liked the post, just one thing, once you have run over a number of directories you can just “kopia snapshot create --all” and it will figure out which dirs have been snapshotted before and do them all, instead of the loop over certain dirs in your script. This depends on if you want a random one-time snap to also become backed up nightly or not of course, but I usually suggest running with --all so that you don’t accidentally backup some dir but then it is not backed up during the automated backups later because you missed editing the script.
That’s good to know — thanks @IcePic!
Thanks for the article.
I tried modifying it to make it work with cron rather than LaunchAgent, however the cronjob keeps failing with Enter password to open repository
even though running the script without cron works fine. I guess this has something to do with cron not having access to the keyring on macos, as it requires login. I’ll have to tinker around a bit more.
I had similar issue and solution was to use security find-generic-password
CLI command to retrieve password from the keychain. Here some example.
Awesome!
If you have a handy script available for kopia, would really appreciate it. security find-generic-password
command requires the login item name and I can’t figure out by what name is it stored in the keychain.
search for “repository” in keychain
yes, I tried that, but it is giving me an invalid password error.
Here’s my snippet:
password=$(security find-generic-password -w -s 'repository.config-<repo_name>' -a 'user_name' '/Users/user_name/Library/Keychains/login.keychain-db')
/usr/local/bin/kopia snapshot create --password "$password" --all
yes because
security find-generic-password -w -s “repository.config-#######”
returns:
go-keyring-base64:xxxxxxxx
You have to decode base64 encoded “xxxxxxxx” to password itself.
This is how kopia stores passwords in macOS keychain.
Ah, silly me! Thanks for the heads up, will try and report back.