Repository security on http rest server


Didn’t find a definitive answer in the doc, so asking.

I setup a rest server without https and without htpasswd authentication. During first access, I set up a strong repository password.

Is my repository safe from unwanted hostile access that way ?

It’s not safe: While attackers who can to communicate with the REST server are unable to decrypt data, they can remove all data stored in the repo, effectively destroying the backup. That’s not a good idea.

Please make sure to set a password or guard access to the REST server via other means.

Hi Alexander,

I see, but don’t really get it.

I believed that once a repository password/key is set, it is needed for all further operations.

So recommanded way it to setup https and add .htpasswd authentication ? That’s a bit cumbersome for my use case.

(BTW: big up for this fantastic piece of software !)

The password for a repository in restic is used for encrypting and signing the data stored in the repo. Being able to access or remove it is a completely different thing, the repo password does not protect against e.g. files being removed on a remote repository.

The backends used for storage in restic are a bit dumb: They just allow storing, listing, retrieving and deleting files, that’s it. The access control (who is able to store/delete/read/list) must be implemented by the server, separate from restic.

So for the REST server you need to set a password if the service is available to anybody else, otherwise the files can be deleted.


Thanks for this explanation.