Backups with rsync and gpg


I've found plenty of posts online about this but none that actually answer my question.

I'm trying to back up my system in such a way that the files end up encrypted on my backup drive. Here's a naive chain of pseudo-commands that obviously wouldn't work, but it's kind of a good illustration of what I'm after:

find / | gpg --encrypt | rsync host::src

I'm backing up my entire drive except for things that can't be backed up (e.g. /proc). I already have my rsync command nailed down and it's working, so that part of it isn't an issue.

I've played with gpg a little bit and I know how to encrypt a file. I can imagine how I might achieve what I'm trying to do but I'm not sure if it's the best way to do it. For example, maybe I could do something like this:

tar czvf /home/jason/everything.tgz /
gpg --encrypt /home/jason/everything.tgz
rsync -arvz --delete /home/jason/ jason@my-backup-machine::share
rm /home/jason/everything.tgz

But that seems a little silly. It would be nice if I could somehow just pipe everything through gpg as it goes out and not have to store an entire encrypted version of my hard drive on my hard drive ("Yo dawg…"). Does anyone have some saner ideas?

Best Answer

Have a look at duplicity.

Duplicity backs up directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.
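A sketch of what that looks like for the full-system case in the question, as an added example (not part of the original answer and not duplicity's own code). The key ID, the sftp target URL, the exclude list and the PRINT_ONLY switch are assumptions to adapt; it uses the classic "duplicity [options] source target" form, which runs an incremental backup when a chain already exists.

```shell
#!/bin/sh
# Added example: encrypted, signed, incremental backup of / with duplicity.
# Nothing is staged locally: volumes are encrypted with GnuPG as they are
# produced and uploaded to the target.

# Placeholders (assumptions): replace with your own key ID and backup URL.
GPG_KEY="${GPG_KEY:-REPLACE_WITH_KEY_ID}"
TARGET="${TARGET:-sftp://jason@my-backup-machine/backups/laptop}"

# Pseudo-filesystems and scratch paths that cannot or need not be backed up.
EXCLUDES="/proc /sys /dev /run /tmp /mnt /media"

run_backup() {
    # Encrypt to the public key and sign with the same key, so the server
    # can neither read the archives nor alter them undetected.
    set -- --encrypt-key "$GPG_KEY" --sign-key "$GPG_KEY"

    # Start a fresh full chain once a month; incrementals in between.
    set -- "$@" --full-if-older-than 1M

    # One --exclude per path in the list above.
    for path in $EXCLUDES; do
        set -- "$@" --exclude "$path"
    done

    # Source directory, then destination URL.
    set -- "$@" / "$TARGET"

    if [ -n "${PRINT_ONLY:-}" ]; then
        # Show the command that would run, without invoking duplicity.
        printf 'duplicity'
        printf ' %s' "$@"
        printf '\n'
    else
        duplicity "$@"
    fi
}

# Only back up when called as: ./backup.sh run
case "${1:-}" in
    run) run_backup ;;
esac
```

Setting PRINT_ONLY=1 before calling run_backup prints the assembled command line for review before the first real run.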