What i use more than whole restore is something from any single file - either something from esphome’s yaml, or templates, or… things like that. In this case it really helps if backup in on my local nas.
Ok, now backup is zipped, so when i want to extract a file whole thing is unzipped to temporary folder anyway, so i think that only difference now will be that it will be unencrypted at the same time.
Tom, you’re correct about samba addon functions. HA’s option aren’t there yet.
I’ll try with HA’s network drive again. I remember when it came out in 2023 i tried it (with share on synology nas) only to find out that it was pretty unreliable. I didn’t test it after that, so i hope/expect that it’s ok now.
I could imagine we could have more backup setups, some encrypted, some not. And on the backup.create one could provide the backup configuration to execute.
What, Samba backup days are numbered? where can i sign a petition to save it?
2 Likes
Like i said; it was back when it was introduced, i didn’t test it anymore after that. But, thanks, it’s good to hear that it’s rock solid now. That means i’ll be able to use it.
This sounds like an over/misread of a security audit.
It would also fail recoverability. If the user does not have the key (assume they won’t) they get locked out of what may be thier only way back.
I would default it on. as new feature default secure. And highly recommend- but give the USER - role backup admin /superadmin the ability to flip that checkbox off. (roles?) with a big red box saying hey it’ll be unencrypted but if yojr backup gets hacked that’s on you (in better language of course)
Maintains both secure by default, allows for transfer of responsibility if someone gets hacked through the backup (this smells of hundreds of feature arguments I’ve been in, yes I know someone somewhere wants to protect the fort just give a reliabile point where you can say they did it themselves - it’s thier darned environment… ) and respects user settings. IMHO.
(edit :and I totally agree with not allowing the encryption flag to be turned off in saving to cloud stores but this still requires selectable at service call…)
11 Likes
I played a bit with this new backup. I succesfully created a share on my Syno and created backup.
BUT… here comes “a problem”: backup is in .tar format, and at first it seems the same as old backup. First extracting goes without any problem (also without asking for a password!), inside there are a bunch of “tar.gz” files (same as in old backups). But, when i try to unzip “homeassistant.tar.gz” it fails, saying it can’t be opened as archive.
I use 7-zip manager for this, and i expected that it will ask me for a password, but nope…just error.
So, what format is it? If it’s any custom version then it’s even more useless (for me), since i mostly need my backups to extract a pieces of my old code, like things from config, templates, sensors… anything i tried to improve, but failed to do so, and also failed to make a backup before messing with it… So i find a file, open it with notepad and copy/paste old version. Can’t be much simpler…
1 Like
It is possible to use Google Backup without copying to Google and save it local without encryption. I tested on b2 on my test rpi. Hopefully they will not block that addon.
That’s old… if annoucements about mandatory encryption are true all these addons will stop working in January.
I installed “samba backup” on my 2025.01 test setup, ran it, and it still works - it creates UNencrypted backup file. So, perhaps all hopes are not lost for this addon. 
Normally I go with the flow on HA development as there are much smarter people than me steering this project.
I would, however, be seriously concerned if I was forced to have encrypted backups. As has already been mentioned, have it has a default but let us turn it off if we want.
I want to be able to browse a backup and retrieve a previous version of script/config etc. without involving a painful process.
~B
8 Likes
I don’t usually involve myself in beta conversations until at least 5 months after features have been introduced and ironed out, but this seems to be a massive breaking change.
Nathan’s suggestion seems to cover all bases. Judging by how long I’ve been reading his posts, he knows his shit stuff.
I’m absolutely fine with making encryption as a default (similar to how you get recommended to do a backup on every upgrade, no matter if you just backed up a minute ago). But PLEASE, do leave the option to save your backups unencrypted.
I really don’t want to say “I told you so” 3 months down the line when this onerous change is reverted.
11 Likes
This is really bad News. Shock.
Most of the Time, I use Backups to
- Extract and overwrite a yaml/config
- Duplicate Productive System to Dev System
I have my Backups -for Privacy and Security Reasons- Local on different Locations. Frequently, partially, less frequently full, with Auto Backup.
I really, really Hope I will not be forced to use a Way less configurable (thus highly increasing storage or less frequent Backups) Backup, that takes more CPU, where i always have to cross fingers that the Restore Key works, is never lost, and is definitely inconvenient to handle.
If it really needs to be baked in and forced, that Nabu Casa Cloud users have their backups automatically uploaded - make it mandatory for them to encrypt the Backups.
Please, please provide an Option to Opt-Out.
9 Likes
i am 10y user in the past of Fibaro 2 (and little bit 3)
ask me what was annoyed more? yes, encrypted backup + fibaro cloud. all backup files are encrypted using a hardware-specific info…
and what?
hello HASS, you are on a right track (irony)
And, again, like at esphome (api) it seems that we’ll be forced with HA’s created random password, not the one by our own choice… i like to know - memorize my passwords, what i hate most is some random passwords which can’t be memorized, so i have to write them down in some notepad file or similar… which makes all only less secure. I’m pretty sure that most (if not all) users will have downloaded password (rescure) file saved along in the same folder with backups on private/cloud server. Very secure indeed…
3 Likes
so since new addition it will not be possible to download backup and browse the content offline without decrypting with use of HA? really?
3 Likes
Correct. It is not how backups should be used (apparently). They are for doing a full restore only.
Additionally there is no longer an option to back up add-ons before updating them in case something goes wrong and you need to revert to a previous version.
4 Likes
Sorry…What?!
4 Likes
You have daily backups now. Apparently this is deemed sufficient.
Except of course they have not considered data loss from add-ons like InfluxDB and MariaDB. 
If my eyes roll back any further in my head I’m going to sever my optic nerves.
10 Likes
This is pure Horror.
I am really shocked and speechless.