Requiring encryption keys for backups is incredibly frustrating, and I urge you to backout this change ASAP.
End-users are the best to decide how to keep their data secure.
I am a data-security professional, and the best way I choose to keep my data safe is by making sure my backups are accessible. This means ensuring their reliability, and I choose to keep mine unencrypted to increase reliability.
I am the best person to decide my data-security practices. I am more than capable of keeping my backups safe.
By requiring encrypted keys on backups you are only requiring us to find non-standard backup solutions.
Please make the encryption keys on backups OPTIONAL.
I believe that users should have the option for having optional encryption for local backups but, with regard to the above point:
Nabu Casa wants to be able to prove that there was no way they looked at your personal data in the event that your privacy is compromised. They also want to ensure your data is safe if they suffer a data breach. I completely understand why they want your data encrypted before they store it.
Whole restore - About every 2x years.
Single file extract - About every 2x months.
Main use case is unpacking the *.tar.gz to get direct access to a config file to check against the current version - useful for debugging, and general version control.
I also sometimes uses the *.tar.gz to help configure a test pre-production install running on separate hardware (e.g. testing, Beta version, new ideas).
There are other uses - unpacking a backup is the only way to extract Mosquitto MQTT Add-On system_user.json “system” account credentials:
Whole backup restore has only been used for hardware upgrades.
Modern uSD cards are pretty reliable, and NVMe even more so.
I well understand the “plausible deniability” protection of a hosting provider from user content (“no access, no subpoenas”) for cloud backups (and UK Legislation) HOWEVER not being to unencrypt a local backup from my own hardware which was created using a standard FOSS library is a very red flag to me.
One major point of FOSS tools is “many eyes make all bugs shallow” (ESR Linus’ Law), but specifically for crypto, I’m going to quote Bruce “Schneier’s Law”:
Please fix initialisation vector entropy, fix file padding, and fix compatibility with standard crypto tooling. I’d prefer AES-256, but get low-end hardware will taker longer than AES-128.
Hello to all and at first a good and happy new year!
What I am missing at the whole discussion of encrpyting backups is to use
generated keys and certificates by the user.
I am sure some and in my opinion not so less users have their own CA (Certificate Authority) or connected to a CA.
So the usability would increase in this case extremely, if users can take her own certificat/key pair.
As conclusion I recommend to “allow” the usage of own certificates
and - of course - allow users to disable encryption.
Settings → System → Updates → 3-dot menu → Join beta channel
This way you can get pre-release beta versions to test and provide feedback to the devs. I had set up a second Home Assistant server to test beta releases, but since the feedback loop is Discord, I won’t bother. Discord is like a room full of toddlers, each trying to be louder than the others in the same room.
Often after updates of HA, some AddOns or intergrations,
When the system no longer works as originally intended after updates to integrations or add-ons,
When I made mistakes during major changes.
I keep the updates for 90 days, regardless of whether it’s sensible.
A 1TB SSD is connected to the Raspi4, no matter how sensible that is - it was cheap. On the NAS, it doesn’t matter…
Data is stored twice, on local SSD and remotely on NAS.
Fix issues in configuration files.
It depends on what I have changed and whether it works. Often after an update to a new HA release.
Just to reiterate, if you are using any custom solution for backups (blueprints, automations, or add-ons that do not use encryption), they will continue to work today. Even with everything new, we’ve made sure to keep everything backward compatible.
As always, we’ll keep improving the functionality of automatic backups over the coming releases. As mentioned in our recent livestream, we’re looking at ways to decrypt your local automatic backups from the UI. This would be helpful if you needed to access the files in them. Hopefully, we’ll have more on that soon.
I check backup file sizes at least weekly to ensure my database is behaving - especially when I’m adding new integrations, devices, helpers, etc.
2x per year I review the configurations of the automated backup scripts I use to ensure the daily partial backups I make (database and a few others) are properly excluding/including items and the weekly backups are indeed capturing the full system backup.
About 2x per year I extract the individual database to repair long-term stats that have gotten screwed up due to a device resetting and totalizers getting reset
About 1-2x per year to complete a full restore usually because of rollbacks on HA versions (1x/yr) OR because my database has become corrupted (<1x/yr). Sometimes entities break that I can’t fix manually, so it’s easier to rollback and wait for fixes.
About 2-6x per year to restore individual integrations.
Calling action “backup.create” from an automation does not work anymore, calling “hassio.backup_full” is a workaround on HAOS, but for obvious reasons not with a core installation in a python venv.
I may have misunderstood and, since I haven’t updated to 2025.1, I can’t test but, when we update the core system or an add-on, does a backup still get made?