How to use Backblaze B2 with restic

I wrote a guide for how I use restic to back up multiple hosts to B2, might be helpful to someone:

I’ve been using this setup to back up four Ubuntu machines and it seems to be working well. I use pass to securely store the B2 application key and RESTIC_PASSWORD on each machine, and I give my main machine access to every machine’s backups so I can do all the maintenance (restic forget, restic prune, restic check) from one machine.

2 Likes

I suggest using

RESTIC_PASSWORD_COMMAND="$(pass show "$RESTIC_HOST"/RESTIC_PASS”

instead of

RESTIC_PASSWORD="$(pass "$RESTIC_HOST"/RESTIC_PASS”

This way, I think, password does not leak via environmental variable, rather is decrypted on demand.

Am I right?

Yeah that seems to work, thanks. It’s a shame that there isn’t a B2_ACCOUNT_KEY_COMMAND for the B2 application key as well.

I think this is the correct bash (so that shellcheck doesn’t complain about anything):

RESTIC_PASSWORD_COMMAND=pass\ "$RESTIC_HOST"/RESTIC_PASSWORD

And you also need to change RESTIC_PASSWORD in the export at the bottom of the script to RESTIC_PASSWORD_COMMAND.

For the env.fish file it’s just:

set -x RESTIC_PASSWORD_COMMAND pass $RESTIC_HOST/RESTIC_PASSWORD

I updated the post with this suggestion, thanks