Kebab is a backup tool that prioritizes confidentiality, integrity, and availability above all else. Kebab creates full backups of your files that are compressed and encrypted and then stored on Amazon S3 or in another directory. To reduce the likelihood of bugs, Kebab keeps its codebase small, forgoing features like deduplication and incremental backups. Kebab features:
- Tiny codebase. Kebab is less than 2000 lines of code. This makes Kebab easier to audit, which reduces the likelihood of bugs.
- Modern cryptography. Kebab uses NaCl's secretbox primitive to encrypt and authenticate your backups. It also uses scrypt to hash your keyfile passphrase.
- Key availability. The availability of your backups is limited by the availability of your decryption key. Kebab keys are encrypted with a passphrase and easy to write down, making it painless to create physical backups of your key.
- Fast restoration. Kebab creates full backups of your files. Compared to other backup strategies, full backups are slow to create but fast and simple to restore.
- Bucket control. Kebab stores data on Amazon S3 using your own account, so you have full control of the underlying bucket. This allows you to store your backups on Amazon Glacier to reduce storage costs. Kebab also supports storing backups in a directory.
- Free software. Kebab is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Kebab is not space efficient since every backup is a full backup. To reduce complexity and code size, Kebab does not provide features like deduplication or incremental backups. However, Kebab does compress your data using tar/gzip.
Kebab is still useful if you do not have a lot of data, or you have a lot of bandwidth, or you organize your data so that it is easy to back up only what changes (for example, a maildir with a separate directory for each month of mail).
Another limitation of Kebab is that it calls out to tar and gzip, which are relatively large pieces of software. In the future, Kebab may switch to using the archive/tar and compress/gzip packages instead.
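
The restore side of that in-process approach, as an added example (not Kebab's code): archive/tar hands entry names to the caller exactly as stored, so code that replaces the external tar has to vet them itself before writing anything. `Unpack` and `sampleArchive` are hypothetical names, file contents are held in memory for brevity, and `filepath.IsLocal` requires Go 1.20 or later.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"path/filepath"
)

// Unpack (not Kebab's code) reads tar.gz in-process, refusing non-local names.
func Unpack(r io.Reader) (map[string][]byte, error) {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	tr, out := tar.NewReader(gz), map[string][]byte{}
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		if !filepath.IsLocal(hdr.Name) { // absolute, empty, or escapes via ".."
			return nil, fmt.Errorf("unsafe entry name %q", hdr.Name)
		}
		if out[hdr.Name], err = io.ReadAll(tr); err != nil {
			return nil, err
		}
	}
}

// sampleArchive builds a one-entry archive: constructed data, not a real backup.
func sampleArchive(name string) *bytes.Buffer {
	var buf bytes.Buffer // writes to it cannot fail, so errors are unchecked
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	tw.WriteHeader(&tar.Header{Name: name, Mode: 0600, Size: 2})
	tw.Write([]byte("hi"))
	tw.Close()
	gz.Close()
	return &buf
}

func main() {
	fmt.Println(Unpack(sampleArchive("../escape")))
}
```

A restore path that writes to disk would apply the same name check before joining the entry name to the destination directory.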
- Create an Amazon S3 bucket to store your backups and a JSON file that identifies this bucket:

      $ cat s3bucket.json
      {
        "Service": {
          "Region":"us-east-1",
          "AccessKey":"XYZ...",
          "AccessKeyId":"ABC..."
        },
        "Bucket":"kebab_482731..."
      }

- Install Kebab:

      $ export GOPATH=...
      $ go get github.com/davidlazar/kebab/...

- Run tests:

      $ go test -v -s3 s3bucket.json github.com/davidlazar/kebab/...
      $ go test -v github.com/davidlazar/go-crypto/...

- Create a key file with a strong passphrase that you can memorize:

      $ kebab -keygen -key kebab.key
      Passphrase: ...

- With a pen and paper, make physical copies of your key file and store them somewhere safe:

      $ cat kebab.key
      wab77 b8fxk waqkz q0j9e 8jxqx vcc94 64bb5 egb1d rpggb dbg4v 86ygw f4fzg

- Create some backups:

      $ kebab -bucket s3bucket.json -key kebab.key -put email-$(date "+%Y-%m-%d") email \
          -putfrom docs-$(date "+%Y-%m-%d") ~/sensitive docs

- Restore backups:

      $ kebab -bucket s3bucket.json -key kebab.key -get email-2015-03-14 -get ...

Kebab Copyright (C) 2015 David Lazar