I’m new to restic, and I just set it up and created first backups. I had been saving my manual backups (encrypted tarballs) to Proton Drive. So when I setup restic, I created my local repository in the Proton-synced folder on my MacBook.
I’m guessing the danger of this is that Proton Drive sync can be a bit erratic, and I get no feedback when running restic as to whether the sync completed. I have to manually watch the Proton Drive app and see that it synced the changed files.
I do have an AWS account, so maybe I should move to S3 instead. I need to read about the restic encryption. I don’t know if it’s as safe on S3 as on Proton Drive.
You are correct - by putting your repository in a folder that Proton Drive synchronizes, you are adding additional components into the mix and the setup is more complicated and with higher chances of things going wrong.
You could indeed use S3 instead (any S3 compatible service), or if you really want to use Proton Drive you can try to use it via rclone – you use the rclone backend in restic, and configure rclone to use Proton Drive behind the scenes.
Generally, simpler and less complicated is better
To answer your question, S3 is perfectly fine to use with restic, it’s one of the oldest backends in restic and heavily used by a lot of users. Not only for Amazon S3 but also for S3-compatible services, e.g. Backblaze.
The encryption section of the docs doesn’t mention much. Is it hard-core encryption, or can I pick the algorithm? I’m backing up code and I want the intellectual property to be protected with the best encryption.
There is no such thing as “best” - it all comes down to needs and requirements, and in the context of security things like threat models.
A more relevant question is perhaps; do you have any very specific needs? If not, then the encryption in restic is arguably just as good for you as it is for everyone else trusting their precious data with restic
If you want to read about how restic implements encryption, which is indeed a good idea, then that is much more expained in the design reference which you can find here: References — restic 0.18.1 documentation (in particular this part).
To answer your specific question, no, you cannot select the encryption method, it is hard-coded into restic. The article by Filippo Valsorda that is linked to in the text that you linked to is a bit old, but still a nice read if you are interested.
