Isn’t better to create a new user to perform root tasks as specified in the documentation? I know it is just easier to just the root account but in terms of security, everyone knows and expect to find a “root” user but maybe less people expect you to have another user for this “root” task. At the end, I know if “root” is compromised your’re hugged anyways, but I find that having a restic binary with the right permissions, in some kind of level is like isolating the backup process, which can be very convenient (I don’t know if “isolated” is the right term here) and you can have that user to hold the credentials like in your script. I did this using this script and I find it very convenient, at least for me. I just set a couple of cron jobs for the user, the script and restic binary are in ~/bin and the configuration files (which holds the credentials) are created by the script with chmod 700 permissions so only this specific user can run restic, the script and can read/write the configuration files. I did this thinking that maybe is a little bit safer than having root to deal with this and because I don’t really like to use root except for when I really have to.