The backups seem to only be partial backups which seem to be worthless for disaster recovery. I was not able to use it to restore a new system during the onboarding.
I’m wondering where people save their keys.
I usually would store this in vaultwarden, but since I have installed vaultwarden as an addon on HA that would not be very smart.
I don’t trust cloud based password managers.
For now I stored a copy of the key in onedrive, but I’m wondering if that’s the best place to store it.
One copy on my network share, one copy on my laptop, and one copy on a portable hard drive. Pretty much how/where I store anything that it would cost me to lose, once bitten twice shy.
How can you do an unencrypted backup from the command line? Are you just tar’ingup a bunch a folders? Which ones? Thanks!
Loving HA, but please add my vote for an option for unencrypted backups. My backups were about 12MB in size and then suddenly jumped to 200MB. I wanted to just untar them and see what got added, but I couldn’t because of the encryption!
I’m going to try the samba backup addon, as I read it still makes unencrypted backups.
I’m happy to just write a script to tar up the needed files if the list is documented somewhere.
Thanks
Did you ever restore from a 12MB backup? For a full backup 200MB is small - I would expect something between 400MB and 800MB.
Yes I’ve restored a few times successfully both on a RP5 running HAOS and in my VM running HAOS. Worked fine. I have a small zigbee network, 1 matter device and about 4 automations + the voice pipline w/ollama.
As i already pointed out in one topic: mostly in the same folder where backups are… as this claim prooves:
pretty safe, don’t you agree… 
It could be pretty safe, because it’s probably stored itself in an encrypted file, together with lots of other passwords, with the use of password manager. I mean, I don’t get people in this thread who act as if this is the first password in their lives.
3 Likes
It could be the first password for them without the “I forgot my password” button. 
6 Likes
Never put sensitive stuff in OneDrive, Google Drive, Dropbox etc.
I’ve settled for BitWarden – sure, it has cloud sync, but their implementation is solid. Somebody could twist their arm and get them to inject code to get access to your passwords, but then you’re dealing with a directed attack against you by somebody with enough power that you’re f***ed no matter what you do. Oh, and you can self-host the “cloud” part.
You could also use a local-only solution like KeePass, but then you have to do a solid backup setup.
What’s most likely – that something goes wrong and you lose your password vault, or that you’re specifically targeted by somebody with nation-state powers?
2 Likes
That’s an assumption and an incorrect one, certainly not proof of anything.
I would assume
my network share, one copy on my laptop, and one copy on a portable hard drive
is all local, if your house burns down it might all be lost
…and, since it’s all local there’s no need for encryption in the first place…
But, then again, if my house burns down there are tons of other things to worry than HA…
4 Likes
It would be wise to encrypt even locally.
That way, if your devices are stolen (burglary), at least you have some protection against the contents being used for data/identity theft.
You’re kidding, right? You also have Home Assistant files “stored locally”. Why on earth would someone hassle with passwords, encryptions etc… if he/she can simply copy your entire home assistant folder?
There’s no point in encrypting backup if your HA folder is open and on the same drive, right?
5 Likes
So your entire Home Assistant installation is also encrypted? Interesting. How is the performance?
2 Likes
Why this question? All my windows machines are running fine using bitlocker.
You should ask how.
In this case you definitely don’t need additional encrypted backup.
And—you still don’t understand. Let me try to explain in steps:
- you have,say, a server, RPi… whatever; and you have installed HA on it;
- when you creating HA backup that files are stored locally in the same folder system as HA files (specifically: one level up from config, then there’s a folder called “backup”)
- now let’s say that your server…is stolen, broken into… so:
- when a pirate will browse on your machine it will find your unencrypted HA files (your running HA system), and if he/she needs anything from your HA it will copy from there.
so, now i wonder:
- how would you benefit from the fact that your backup file is encrypted, if pirate can (easier) copy/stole entire (open) HA running system from you?
Encrypted backups do have sense, but only on remote locations. THAT’s why so many of us requested possibility of UNencrypted ones. And solution dev’s made is ideal: possibility to turn off encryption for local, but not for remote storage location.
It’s pretty much the same as if you would have windows system and you’d make regular backup copies of your “documents” folder into encrypted zip file and then store it on same drive as your documents folder is…
3 Likes
Then again.
Windows systems have an encrypted file system by default.
Ofc. The backup then also is on this same file system. So still no use for it.
But I think keeping the backup only local is not enough.
Totally agreed, it’s definitely not enough. Encrypting remote stores files was never an issue, only local. I (and many others, too) use local backups for extracting pieces of code when i want something to revert etc… and that was disabled in 2025.01.