What about manual local backups? Is there gonna be an option to disable encryption from the UI? Or forced encryption will stay?
5 Likes
Everyone is waiting for you to say: “We’ll give an option to leave the backups unencrypted in the next release”.
11 Likes
If you want to secure that, the only proper way is periodical testing of the restore process. Otherwise it’s a pure theoretical discussion.
Restoring a single file from the backup is a partial restore, you can’t do that with the new backup implementation in an easy manner looks like some folks were able to hack their way through some options. Partial restores as implemented only allow for a full add-on restore or the full settings restore which is more then what’s needed in most cases.
I also think there is a bit of a misunderstanding in what folks mean when they say version control, saving the last x versions of a file is not version control its version history. Version control would need to include the ability to purposely define versions and merge versions which would be quite above the scope of this project
I hope they will, but all conversation I have seen around this the core dev team has been quite resistant to provide a non-encrypted backup option despite large feedback during the beta and post go live.
1 Like
I may save a lot of your time: Using UI is slow… infinitively slower if UI is not accessible.
2 Likes
when you have HAOS or Supervisor you can make an Button or something witch runs the Action hassio.backup_full or you run the Action in the dev tools
1 Like
Let me just say I love this new feature,
Of course there are possibilities for improvements, there always is. But this is something I was hoping for for a long time.
My previous backups didn’t have a password set, simply because I was to lazy to setup it up and save the password.
Now I’m forces to, which (hopefully) is not that bad for me.
Big thanks to the devs making scheduled and external backups possible out of the box.
In all my decades supporting computer systems, I’ve learned not to rely on hope.
I won’t repeat all the possible pitfalls of this approach, which have been spelled out here and in the other related thread. But I will point out that no-one is asking that the option to encrypt be removed. Just that the option to create unencrypted backups be restored.
5 Likes
Does HA OS support raid yet? In my experience drive failure is a lot more common than lightening strikes! Even a way of running two SSD’s for the OS and being able to restore a backup on the secondary in case of primary failure would be helpful.
I wish there were more elaborate customisation options for scheduling and rotation strategy.
There’s little to no benefit for keeping daily backups from the last 30 days, but it makes a lot of sense to keep ones from (-1D, -2D, -3D, -1Wk, -2Wk, -3Wk, -4Wk, -3Mo, -6Mo).
It spares the storage space while giving you more flexibility if you realise you removed a script 3 months ago and would like to take a look at it.
Synology’s HyperBackup absolutely leads the way in this aspect:
3 Likes
This is the key. All the conversation here is not from the “core dev team”, if you see the release party or the forum messages from Madelena and Frank, they’re not saying that. A lot of messages are from angry people, with nothing to add, just anger. And there is a lot of interesting feedback, but could be lost between those messages. I guess is how internet works nowadays…
One question I have is, can I setup an automatic full backup to save it in my NAS and also a smaller one without InfluxDB add-on to upload it to NabuCasa cloud?
Regarding the naming of the version control of the configuration files, I’m fine calling History to that functionality 
frenk posted in this thread above making no mention of unencrypted backups only that they are looking at an way to provide access to files from encrypted backups from the UI. 3…2…1… Backup - #137. which sounds like a whole lot of effort to build around the problem.
Not addressing the elephant in the room (making undecrypted backups an option) in his post tells me the core dev team is not considering un-encrypted backups an option that should be part of the core build.
you can still setup an automatic full backup to your NAS via samba backup i believe, but i dont think there is an option to create a selective full backup, i.e. ignore certain add-ons in the new backup config.
You can selectively backup add-ons via the samba backup add-on or the google drive add-on but that wont go to nabucasa.
looks like you can selectively backup addon’s in the new backup config
influxDB size is one of the reasons as stopped using the add-on and spun up a separate LXC on my proxmox cluster thats back-up separately from HA.
5 Likes
Unencrypted backups are already an option. And you will also have access to unencrypted backups in the new automatic backup system, as Frank mentioned in the post you linked.
1 Like
As another Synology HB user, I thought of exactly the same thing (customized retention) when I saw the HAss backup interface 
.
It sure would be nice to have this kind of granular backup retention strategy, but… I guess the priorities for now are:
- allow the encryption to be disabled
- provide a standalone offline backup decryption utility
- allow customization of the backup time
After that, hopefully, we will get some additional features
5 Likes
Well, you can get that granular strategy with an automation. Typically HA provides a very basic strategy for things in the UI. And if you want to get “crazy” with it, you make your own automation.
No one gonna hack a home assistant in another country, what they gonna do? turn on my light when I’m not at home?
The fact that you are only using HAss for turning on the lights does not mean everyone does. There is a huge amount of damage that can be done via a compromised HAss installation (off the top of my head: access door locking/unlocking; garage door control; alarm panel arming/disarming; alarm siren control; security camera access; turning on an oven remotely; turning off heating and allowing pipes to freeze; turning on a water pump or irrigation system for a long time; etc, etc).
I agree that there should be a way to disable encryption for people who desire it, but that is not because of a lack of “what they gonna do”
5 Likes
Well, you can get that granular strategy with an automation. Typically HA provides a very basic strategy for things in the UI. And if you want to get “crazy” with it, you make your own automation.
True enough. Although I will admit I am not… versed enough in the ways of HA automation to be able to implement something even remotely similar
I think you’re overthinking it. A time trigger (e.g. 4am), with a condition marking the day (e.g. every tuesday), and the single hassio.full_backup or hassio.partial_backup and you’re done.
The retention is a bit more challenging.
Speaking of synology, I run this on my backup folder (as a user-defined script task) to trim beyond 14 days from my newest backup:
find "snapshots" -type f -path "*.tar" -printf '%T@:%p\0' | sort -rzn | awk -v RS='\0' -v ORS='\0' -F: -v d=14 '
NR == 1 {t = $1 - 86400 * d}
$1 < t, 0 {sub(/[^:]*:/, ""); print}' | xargs -r0 rm
replace snapshots with the folder that the user has access to
replace d=14 with any other value to get more or less than 14 days of backups.
The script looks at the newest file, figures out the date, then deletes everything 14 days older than it.
1 Like
A time trigger (e.g. 4am), with a condition marking the day (e.g. every tuesday), and the single hassio.full_backup or hassio.partial_backup and you’re done.
Thank you for that. I do admit that generally I do something similar for retention (in my case, it is a bit simpler, based just on the number of backups stored):
if [ `ls *bak|wc -l` -gt $FILES_TO_KEEP ]
then
rm `ls -t *bak | awk "NR>$FILES_TO_KEEP"`
fi
However, I was later spoiled by Synology with their very granular and customizable retention strategy
I’m sorry but he did not say you will have access to unencrypted backups, he said they are looking to provide an option to decrypt backups in the UI for single file access which is not the same thing.
7 Likes