Automating backups on macOS without the UI

hmarr · June 11, 2023, 4:08pm

I’ve had a great experience using Kopia and Backblaze to back up my Mac. I don’t use the Kopia UI, which makes automating the backups a little tricky, so I wrote up some notes to future me on how to set it all up, and figured I’d post them here as well in case they’re useful for anyone else.

IcePic · June 13, 2023, 6:20am

Liked the post, just one thing, once you have run over a number of directories you can just “kopia snapshot create --all” and it will figure out which dirs have been snapshotted before and do them all, instead of the loop over certain dirs in your script. This depends on if you want a random one-time snap to also become backed up nightly or not of course, but I usually suggest running with --all so that you don’t accidentally backup some dir but then it is not backed up during the automated backups later because you missed editing the script.

hmarr · June 13, 2023, 8:25pm

That’s good to know — thanks @IcePic!

siddharthagolu · June 15, 2023, 4:28am

Thanks for the article.

I tried modifying it to make it work with cron rather than LaunchAgent, however the cronjob keeps failing with Enter password to open repository even though running the script without cron works fine. I guess this has something to do with cron not having access to the keyring on macos, as it requires login. I’ll have to tinker around a bit more.

kapitainsky · June 15, 2023, 5:19am

I had similar issue and solution was to use security find-generic-password CLI command to retrieve password from the keychain. Here some example.

siddharthagolu · June 15, 2023, 7:17am

Awesome!

If you have a handy script available for kopia, would really appreciate it. security find-generic-password command requires the login item name and I can’t figure out by what name is it stored in the keychain.

kapitainsky · June 15, 2023, 7:32am

search for “repository” in keychain

siddharthagolu · June 15, 2023, 7:40am

yes, I tried that, but it is giving me an invalid password error.

Here’s my snippet:

password=$(security find-generic-password -w -s 'repository.config-<repo_name>' -a 'user_name' '/Users/user_name/Library/Keychains/login.keychain-db')

/usr/local/bin/kopia snapshot create --password "$password" --all

kapitainsky · June 15, 2023, 7:48am

yes because

security find-generic-password -w -s “repository.config-#######”

returns:

go-keyring-base64:xxxxxxxx

You have to decode base64 encoded “xxxxxxxx” to password itself.

This is how kopia stores passwords in macOS keychain.

siddharthagolu · June 15, 2023, 7:50am

Ah, silly me! Thanks for the heads up, will try and report back.

Topic		Replies	Views
Can't run from cron on Mac Support	3	934	June 27, 2023
MacOS daily backups not running Support	1	209	July 22, 2023
MacOS backup on wake General Topics	0	291	May 13, 2023
How to use the credentials stored in the keyring/credential manager? General Topics	12	555	March 4, 2024
Basics questions - Thanks for your time General	13	4787	January 11, 2021

Automating backups on macOS without the UI

Related topics