Restic-server retention and s3 WORM support


I have tried to build a secure backup solution with restic and restic-server (–append-only), but apparently some important building blocks are still missing.
Backup solutions always offer a possibility to manage retention, restic can do that too, but if you use restic-server with the option “–append-only” it is no longer possible to manage retention.
The limited (storage) scalability of restic-server (without S3 support) is also a problem.

For the best protection of the data, restic-server should provide a function to configure/manage retentions, so that the mode “–append-only” can be used in a meaningful way.
Furthermore, restic-server should be able to store the data on S3, taking into account the S3 feature “object-lock”. This would make it possible to protect the backup data even against an attack on the restic-server host.

Is there already development in this direction?

I had some of the same problems, when I had to implement a backup solution.

Somewhere here I’ve read, that the rest-server only does filemanagemant (recieves a file from restic and stores it in the backend), so it can not manage retentions.

I do backups of a server with restic and since this server is exposed to the web, I don’t want it to have access to delete backups. So I wanted to use the rest-server and b2. In my first try I mounted the b2 with rclone to a dir and then rest-server. This wasn’t working really good. So I found out, that rclone has some sort of the rest-server built in.. So now I run my “restserver” the following way:

rclone serve restic b2bucket --append-only --fast-list

For the retention policy, I would suggest, that you write a small skript on the server with the rest-server which basically does the following:

restic forget RETENTIONPOLICY -r rclone:b2bucket
restic purge -r rclone:b2bucket

There’s issue for adding object locking. also adds some documentation for a common used setup for append-only backups, where clients can only add data and a trusted host is allowed to prune the backup.