There is a python tool. Kind of hard to use. And they are looking into a possibility to make Thies easier.
“with the stupid mandatory encryption”
As someone who has been pushing for encryption in HAss backups for a long time, I disagree with the “stupid” part. Those backups have A LOT of sensitive info in them, and (especially when you have off-site backups, as you should!) encryption is essential.
True, it would be nice to have some kind of decryption utility allowing you to quickly extract just one file - but I am sure that will come along quite quickly, now that the encrypt/decrypt code is in place.
7 Likes
there is a bug in the setting wizzard.
It’s not possible to set custom amount of backups to anything else then “3”.
For now I will keep the “Samba Backup” addon. That works for me without any problems since a long time allready.
2 Likes
As someone who needs a simple easy way to extract a file from a backup I’m going to stick with the “stupid” comment for now. The reason i call it “stupid” is because mandatory encryption did not need to be there for most of the base functionality (its only really needed for nabu case backups and yes it should be mandatory there)
And while a decryption utility would be nice in the future, that is only true if all the backups were not encrypted automatically with no way to disable it, that either makes a decryption utility mandatory now or makes the option to disable encryption mandatory in my book.
I’ll restate that having automated backups and and encryption are two very good things and a great addition to the platform, however the whole discussion around the feature is now turning in a b*** fest by encryption being mandatory (and yes i realize I’m doing that too)
9 Likes
I do agree with you that there should be an option to disable the default encryption if you really want to. I am always a fan of people having options. And I do hope that the developers will add such an option in the future (with heavy warnings and “are you REALLY sure you know what you’re doing?!” confirmations, but… the option should be there).
However, once again I will disagree on the second part - it’s not needed “only” for nabu casa backups. It is needed every single time you replicate backups off-site, and many times even for local backups, if there are other people/apps that can access the backup location. Security by default is never a “stupid” idea (funny story - even the people at Elastic/ElasticSearch learned this the hard way 
)
[ Edited to add a link to another topic where I was actually requesting this feature of encrypted backups ]
7 Likes
I’m running HA as docker container.
I just set up an initial backup schedule, but it seems the only storage location is “This system” (i.e. local backup only), which results in a tar file below the HA config directory.
This is kind of useless for me, since I already backup the config directory separately.
Reading the announcement I assumed that I could at least specify a network location (e.g. samba share).
But there does not seem to be an “add location” button anywhere?
2 Likes
If encrypted backup is a very good idea, force encryption without decryption tool is very stupid !
- What’s in the backup : I do not know
- How extract just one file ? It is not possible
- How verity the content of a backup : It is not possible
Without decryption tool or the choice to not encrypt backups, i’ll not upgrade to this version !
7 Likes
its needed “only for the nabu casa backups” because they are part of the release, everything else launched could function perfectly fine without encryption and cloud backup. i.e the user base would not have lost any functionality they already had but gained additional functionality. Is it needed functionality in general? absolutely its just came out too soon.
Backup encryption and nabu casa backups, could have come out as a separate release in 2024.2 or later which would have given the dev’s time to look at the feedback from beta and develop a better approach i.e. allow encryption to be disabled when required by the user, make it mandatory for certain destinations, or build the decrypt utility.
In fact i believe encryption could have (and probably should have) launched as an optional feature as part of 2024.1 if not for:
- the effort required to build nabu casa cloud backups code and infrastructure
- the absolute requirement that anything going into their cloud be encrypted with a key they don’t have access to (which is a totally valid requirement, i would expect an even bigger backlash if they launched nabu casa backups without it)
1 Like
force encryption without decryption tool is very stupid
True. This (an offline, standalone decryption tool) is actually something that we do need, and we need it soon. Some people were mentioning a python tool already exists, but I am not sure what tool they were referring to.
And in this context (forced encryption without a dedicated decryption tool) I will even agree with the “stupid” term
3 Likes
Reading the announcement I assumed that I could at least specify a network location (e.g. samba share).
But there does not seem to be an “add location” button anywhere?
Settings / System / Storage / Add network storage. Once you add your network storage location, you will be able to reference it for the backups.
Sorry, typo on my part - should be Settings / System / Storage. Typed too quickly
I will edit the post to fix it.
Maybe it’s because of the containerized environment…
True, the external storage feature is only for HAssOS . But as the comments there say, if you are in containers, you can just mount any remote directory anywhere you wish inside the container - the sky is the limit
1 Like
I am backing up with Add-on: Home Assistant Google Drive Backup will that continue to work as it has done until now?
And will the content of the backup stay the way it used to be unencrypted and with filenames that tell what component it comes from?
From my side all was said in other topic already. Just a conclusion: from 2025 version “backup” function is dead for me until “stupid” mandatory encryption is removed. I’ll find another way for this.
Just one light at the end of the tunnel: samba backup addon still works (so far…).
2 Likes
On my testsystem Google Drive backup is unencrypted and working as before and also backup from the commandline is possible to do unencrypted.
Automatic backups in HA and to Nabucasa is encrypted.
So if only an official statement that the old api will stay there is no problem as I see it.
The stupid encryption is the next step to leave HA for something else.
3 Likes
Why can’t you change the scheduled backup time?
04:45 seems a bit restrictive.
4 Likes