2025.01 beta: Backups encrypted?

The solution is really simple.

I dont have Nabu Casa subscription.

I have

• HA in a Proxmox VM,
• MariaDB in a separate Proxmox LXC container,
• InfluxDB in a separate Proxmox LXC container.

I have automated daily (unencrypted) backups at 03:00 of my HA VM, MariaDB LXC, InfluxDB LXC on my own disk.

I dont need any other HA or before-update backup, because if anything fails I only need to restore the previous (working) HA VM backup.

All data is ever up-to-date because MariaDB and InfluxDB is on a separate LXC container which I dont need to touch at a HA VM restore process.

Voila

This is awful. This is absolutely a breaking change and, IMO, an unforced error by the HA team.

The no backups before updating addons thing has already screwed me over. I updated HA a few days ago. I didn’t pay close attention to the changes to backups. Today, I updated an add-on without thinking much of it. Didn’t notice the backup option was gone because I always just leave it checked. Well, the update broke the add-on for me. So I went looking for the (nonexistent) backup thinking I could just revert it, no big deal. Nope, no recent backup to be found! Sure, my fault for not paying attention, but I can’t possibly be the only one with this issue. I feel like this is a pretty predictable outcome actually. But what do I know, I’m just some guy who specialized in UX design and HCI.

Another bone I have to pick with this: what even is the point of encrypting these backups? What could possibly be in there that would be valuable to a hypothetical hacker, that they couldn’t otherwise get from the system which they have clearly compromised at that point. Besides, I’m not exactly storing my SSN and credit card numbers in home assistant. I can’t really think of anything in my use case that I would be worried about if my system was compromised other than some camera streams and door controls, but those have nothing to do with backups anyway. Regardless of whether the risk is real or imagined (which I believe it largely is), I should be allowed to live ‘dangerously’ if I so choose.

Really hope they listen to the community on this one.

Addon backup should be made exactly right before you update it. Why?
Let’s say i make regular backups, so i do have latest backup. But now i go and spend whole day programming and changing my HA. In the evening an addon update appears and i update it. Which breaks my whole HA. NOW WHAT? Should i go back to 4:45 backup and destroy MY WHOLE DAY’S WORK? I can’t just revert to previous addon version, since it’s not there anymore… what a mess…

You can do a partial restore of only one addon from a full backup without disturbing history or HA.

Yeah, but you still end up with (perhaps too) old backup. Best is to have a backup right before update.

But at least they now know about the sexual and religious orientation of the community since the survey. I found those questions very odd

Back to the main topic: Luckily, I have a Synology docker setup that backs up the entire docker environment to Synology C2 every night (though even that is technically an unsupported HA installation since there are other docker containers running alongside HA ).

I’ll miss the automatic backup before an Add-On update. That’s already saved my ass a few times in the past.

over the past few years, there have been (IMO) some questionable decisions, but this one has the biggest impact so far.

Ideally, the first step should have been to implement a feature that notifies users after an update if they have ancient backups and asks if they’d like to clean them up. That was actually the a manual task that has occasionally been necessary in the past.

Its typical in UX design questions when trying to profile the user base. Typical UX design folk will try to abstract the user base into a group of ‘typical users’ or personas that represent the most common ways the software is used. We may not consider it now but personal habits including very personal ones sometimes need to be considered when designing personal software. I’d suspect they will group the answers by whatever demographics fit the personas they come up with out of the survey

TL;DR. Didn’t find that part out of context. Just. Probably needs some additional explanation for people who do t live in the software industry for a living…

Agree. And I think I pointed this out in another thread somewhere. I can’t remember anymore. Age is catching me

I need to throw my hat in the ring here.

I too work in InfoSec.
Thank you to those with awesome relevant posts outlining practical experience from production environments.

The bottom line is that forcing encrypted backups on users is most certainly a disservice to the community and does not increase security in any practical way. Encryption keys will be improperly stored by all but the most savvy users. I GUARANTEE IT.

This just feels like a CYA move more than anything. I’m failing to see how this will provide any real value to the community. To be clear, my argument is NOT to negate the value of encrypted backups, but to challenge the decision to force it. Every environment is different and with the focus on providing customizability and uniqueness in HA, this move really has my head spinning.

Let’s not forget that at its core, security is about reducing the risk of unauthorized disclosure, modification, or denial of access to data. If this solution has the net impact of locking people out of their data down the road for the reasons touched on in this thread, these changes actually increase risk not reduce it.

Nothing is 100% secure.
Nothing is 100% risk free.
If it’s so secure that that no one can use it then it isn’t secure at all.

And what makes above claim even more true is the fact that encryption key is randomly-generated gibberish and not a word by our choice. If we could enter our own password then majority of users would enter phrase they remember, eliminating the need to be written down. But this way 90% of keys will be stored in the same folder as backups. As plain text file.

I did some testing when 2025.1 was still beta. Guess where my downloaded txt file with password is saved…

I dont think it’s a bad thing to generate a random string for the “key”. At this point I’m assuming it’s a pass phrase which isn’t the actual key. Less predictable passwords/phrases are a good thing but the user should absolutely have a choice. Something as intimate as user backup encryption should present options to the user for them decide how far they want to take it.

If there is a specific cloud hosting platform that has specific storage requirements, those storage requirements should be implemented at the point of integration for that specific product.

It feels really cheap to shoe horn the entire community into one way of doing things for a niche part of the platform’s offerings.

+1 Please remove encryption requirement for network backups! This is highly inconvenient if we ever need to use one!

Ok, I would like to add some valid feedback, for myself personally, and what I see happening in daily life, I am a Customer Support Rep, bascially I do tech support for many different systems, presently I am doing hardware storage support.

One of the biggest drivers we have with lost data believe it or not, is is not the hardware failing but the backup or drive being encrypted.

Its all great saying keep a backup of your key, practically when you need your backup, usually something catastrophic has happened and access to certain information is not available, failed drive with your data on, compromised email (everything is deleted), lost email access, email has expired no longer available.

I would guess over 50% of the people just want a simple backup button, they do not need encryption, as everything is internal, should something happen to the network(compromised), its already to late.

Due to this, I usually always recommend that no one use a password for a backup of the system, to many variables in the works, for a 1 piece of data lost, you loose everything.

Have the option to turn on and off the backup encryption, many of us, and maybe even the majority of us, do not require it or even need it.

I will stick with my remote backups to Google drive, most likely add One Drive to this as well, as I cannot trust a backup system that is encrypting data without an option to turn it off.

My Local data is on an encrypted drive already, for me so the HA encrypting my data is pointless, I would spend more time on locking down the web gui that is usually the main point of attack for HA, if someone has got into your system to get the backup, its already way to late.

just my thoughts.

Keep up the great work.