Hi all:
Since all systems could have weaknesses, should make sense add 2 layers of encryption while we upload. I was thinking on adding Crypt option to rclone. Since name obfuscation may change original names I was thinking on no obfuscate filesnames but only encrypt content.
Therefore… What should be best option in this case?
A) kopia + Rclone Crypt (filenames+content)
B) kopia + Rclone Crypt (only content)
C) kopia + Rclone without Crypt since it can break kopia repo
Thanks
this is the best option. Rclone encryption (with or without file names) is transparent for program accessing decrypted remote. Of course it adds some processing overhead but on modern computers it is negligible.
BUT kopia + rclone combo is experimental and I would not use it for anything beyond experiments:)
If you have to use rclone (as kopia does not support your backend directly) my recommendation is to look for other backup programs like restic. Its rclone integration is working perfectly,
Thanks. My biggest concern is the fileneme obfuscation and possible corruption of the repo. I was using Restic many years but I had tons of performance problems.
Kopia on that is far superior, but Rclone integration is mandatory.
Why Rclone integration is not as solid as the Restic one?
Because it is experimental which is clearly stated in docs:) It uses rclone serve webdav in the background which is enough for proof of concept but inferior compared to restic which has bespoken API built into rclone.
Feel free to give it a try. For me it always ended in disaster with abysmal performance and sooner or later corrupted repository. Kopia + rclone today is waste of time IMO.
Rclone crypt or not is irrelevant here. It is transparent for kopia - with or without filenames encryption.
Well of course I need consistency on my backups. I gave up Restic long ago because of performance and the lack of GUI etc. Main issue with Kopia + Rclone is speed, reliability or both?
Again, it is experimental. If you want to experiment with your data then great. Please share your results.
Not OP, but since you’ve requested them to share their results, here are mine.
I’ve created a repository on GDrive on 2023/06. There are two ways to make this: natively and through Kopia’s Rclone repository option. As you’ve already said, Rclone is experimental. Unfortunately, so is the native support for GDrive. The former, however, supports both Kopia GUI and CLI, so I went with it.
In those 18 months, the 5.2 TB repository has been working fine, apparently. The backups (6 snapshots, currently 2 distinct machines, with 2 snapshots each, and 2 old snapshots of the same machines) run smoothly and show no errors. I do regular (every other month) 100% checks on it (using kopia snapshot verify --config-file= --verify-files-percent=100 --file-parallelism=20 --parallel=20) and never got an error. It does take a long time to complete the verification (~18 hours).
Would you go with the native, in this case (Google Drive repository)?
I would not bother with double encryption. Either you trust the encryption or you do not.
I also see the disadvantage of adding in rclone encryption as follows: Suppose for some reason there is a problem using rclone in conjunction with your repository (onedrive, dropbox, gdrive, whatever). If you have not layered on rclone encryption, you could download the files via some other method, and then point kopia at them to be able to restore or migrate the backup set. But if the files were encrypted with rclone crypt, you’d always have to have that layer in the middle. Seems like an extra layer of complication for little gain.