In the spirit of security, and in light of our recent feature release of Bulk Storage Container API Keys — we have forked and released a new version of Duplicity, the most popular Bulk Storage backup utility on Cloud-A.
Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.
Our version features a new
clouda:// storage backend that supports the use of our Bulk Storage Container Keys, so you don’t have to embed your credentials with your deployed application doing the backups, and can securely use the generated container full key to do your backups.
You can download the latest stable version from the GitHub repository archive page, install the necessary dependencies, then run the installer.
pip install python-swiftclient lockfile wget https://github.com/CloudBrewery/duplicity-swiftkeys/archive/373.tar.gz tar -zxvf 321.tar.gz cd clouda-duplicity-xxx/ python setup.py install
Where historically, you would have to use the
SWIFT_ environment variables to store all of your authentication information, the new backend only requires two variables to run securely.
export CLOUDA_STORAGE_URL="https://swift.ca-ns-1.clouda.ca:8443/v1/AUTH<tenant>" export CLOUDA_CONTAINER_FULL_TOKEN="<full-XXXX-token>" duplicity [--options] <backup_path> clouda://<container_name>
You can get your tenant_id filled bulk storage URL from the Dashboard under API Access and listed as Object Store, and generate your Full Token from the container list screen under Manage Access.
The new backend supports all advanced duplicity functionality, including full and incremental backups, and GnuGPG encrypted backups. We can’t wait to hear your feedback on this project, and hear about other OpenStack swift third-party tools that you currently use, which we can help offer a Cloud-A secure version of. As always, you can reach our support team at firstname.lastname@example.org, or on twitter at @CDNCloudA.