Unpack encrypted snapshot files

Installation Home Assistant OS
10

I’ve managed to restore my latest snapshot, and reach the files using SAMBA in combination with the static IP adress of the RPI. This opened the file folder with the backup folder and the config folder etc. of the Home Assisstant configuration.

I was able to back up the yaml files here, just in case. And to comment out the Haaska settings in the configuration.yaml file and save it. I was then able to reach the Home Assisstant configuration with the static IP again after restart. So guess something got broken with the Haaska or DuckDNS configuration.

I will save my snapshots without password protection from now on!

1 Like
11

Yeah this is the take-away learning from this topic.

2 Likes
12

Somehow this is weird.

It is my data.

HA cannot hold it hostage within their own ecosystem. Goes against basically the whole no lock in / no cloud principle.

This is not the way.

[Edit]

Somehow it must be possible to add your own ‘salt to the mix’ if you catch my drift. If you fuck that that up? That is your own problem.

[/Edit]

Or am i talking nonsense? Not well educated in encryption in this matter.

1 Like
13

It has nothing to do with that.

It’s like two factor authentication. It’s great when it works but if for some reason you need access without it, sorry, you are shit out of luck. The extra protection ends up working against you, but hey at least your data is secure.

1 Like
14

Then where are my backup codes? so not really 2FA

Any fresh install of HA can unlock those files, why can’t I? What is the secret sauce?

I really would like to know.

2 Likes
15

It was a metaphor.

There’s a python script on the forum somewhere that can decrypt the backup for you.

1 Like
16

Copy that. Current handling of password protected (encrypted) snapshots is a no-go.

1 Like
17

It was easier then I think. Downloaded back up on my second RPI with RasbpiOS, and just unpacked them

18

Yes that was the oriiginally suggested solution:

19

Since I got here from google… There is an answer.

Worked like a charm.

6 Likes
20

Now I have arrived here, too, and yes, it worked like a charm.

However, why can’t HA Backup offer this decryption natively, i.e. without the need to first download the encrypted archive, then installing pip, then running decrypt-ha-backup?

If it is so complicated, nobody will use encrpytion of backups, which renders encryption useless - unless I’m missing a point. Am I?

21

It can. You just have to restore what you decrypt.

22

But it seems impossible to select what should be restored, or am I missing that, too?

Let’s assume that something breaks, and the user wants to restore, but not simply overwrite an e.g. Lovelace card but just a part of it. Does HA Backup currently support this for encrypted backups?

23

No the selection is not that granular. Only core (all dashboards, all config) and add-ons can be selected separately for restoration:

Untitled
Untitled1234×1048 84.6 KB

24

And here it would be nice if decryption was possible from within the backup/restore function without actually overwriting everything, but instead saving the decrypted snapshot to a place from where the user could do more with it.

25

Feel free to suggest this here: https://community.home-assistant.io/c/feature-requests/13

26

Done:

27

Don’t forget to vote for your own request.

1 Like
28

Is this possible? I don’t see a button to vote for my own request.

If somebody else is interested in this feature request, please consider voting for it. Thank you! :heart:

29

Screenshot 2024-07-20 at 08-27-52 It should be possible to decrypt and then download a snapshot - Feature Requests - Home Assistant Community
Screenshot 2024-07-20 at 08-27-52 It should be possible to decrypt and then download a snapshot - Feature Requests - Home Assistant Community929×400 21.2 KB

1 Like