A real-time backup CLI tool written in Typescript. Safe Backup helps you sync file/folder into a single password encrypted storage. Using technology of RSA & AES.
-
Backup your sensitive files in the safest way possible
- Use
AES-256-CTR
for encryption, andRSA-4096
for storing cipher key - Password is salted and hashed, never store/use a plain password
- No way to decrypt in hundreds of years without having the exact password
- Even hacker somehow obtained
key.safe
file with password hash inside (setsavePassword
tofalse
then no one can ever crack it), there is no way to crack it without knowing the source code
- Use
-
Easy & powerful at the same time
- Support both file and folder
- Exclude files and folders with regular expression
- Real-time monitoring files changes and synchronize modified ones
- Pack complicate directories into a single file, easier to transport
- Cross platform friendly, tested on Linux, Windows & MacOS
- Original config & key pair is NOT needed for decryption, unpack & decrypt your files on any devices
- Config builder to spare you from annoying parameters
-
Highly optimized on speed
- Created a whole new archive format just for performance
- Pipe unchanged files directly without re-encrypting when
savePassword
is set totrue
- Runs in cluster, unleash the full power of multi-core processor
- 20% ~ 45% faster when dealing with multiple inputs
Install from npm (node package manager)
You can skip this section to Install Safe Backup if you're quite familiar with Node.
-
- Node.js v11.6.0+
- npm (included by Node.js nowadays)
- nvm (optional)
-
If you have installed Node.js before, you can use
node -v
to check the version you have installed, if is outdated:nvm list # 12.10.0 # * 8.9.4 # 8.2.1 nvm use 12.10.0
If you don't have v11.6.0+ installed on nvm:
nvm install --lts nvm use --lts
For those who have never deal with Node.js before, it is recommended to use nvm (node version manager) so you can have multiple versions of Node and switch to another version as you like. It's available on both Linux & Windows.
-
For Linux (Ubuntu, Debian, RedHat, etc.)
Install cURL to download installation script
sudo apt update sudo apt install curl
Install nvm & node (default is LTS)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh | bash nvm install node node -v # 12.14.1
If you ran into some errors like
Command 'node' not found, ...
, try to reload your path variable:source ~/.bashrc
-
For Windows
Use nvm-windows created by coreybutler instead, a quick setup executable could be found at release page.
After you have installed nvm and added to $PATH (which should be done automatically, restart terminal might be required):
nvm install node node -v # 12.14.1
-
-
Install safe-backup globally is recommended, so you can use it directly by calling
safe-backup
at the terminal.npm i -g safe-backup
This way is recommended for people just want to use it on the fly. Download and execute, that's how simple it is. You don't have to install or build any environment for safe-backup to run, a full Node.js binary based on your operating platform is built-in.
Executable binary is built by pkg, which is a great tool to pack your Node.js app into a single executable and run on devices without Node.js installed.
Currently support Linux, Windows & MacOS, all have been tested. To download latest safe-backup binary and check out release notes, please head to release page.
npm update -g safe-backup
Update safe-backup by npm update
is only available for those who install with npm. For binary users, download new version of binary at release page and replace it manually. You don't need to worry about losing your configuration or have your password reset, those files are saved at different directory based on your OS.
-
If safe-backup is ran without parameters, it will try to recover configuration from last usage If no previous configuration is found, config builder will help you to build one without having to deal with these annoying parameters!
-
config.json
will be generated automatically at system AppData path based on your OS when initialized. So the next time you open safe-backup there is no need to reconfigure the whole thing again.If you wish to update configuration, all you have to do is use your desired backup parameters in command line again or use config builder and it will overwrite the old configuration. You can even manually edit
config.json
if you know what you're doing.Here is an example of how configuration file looks like:
{ "input": [ "C:\\Users\\Bob\\Pictures", "C:\\Users\\Bob\\Videos" ], "output": [ "D:\\Backup", "F:\\Backup" ], "watch": 120, "savePassword": false, "ignore": [ "/^2018-/", "/.+\\.tif$/i" ] }
-
- Linux:
/home/username/.config/safe-backup/config.json
- Windows:
C:\Users\username\AppData\Roaming\safe-backup\config.json
- MacOS:
/Users/username/Library/Application Support/safe-backup/config.json
- Linux:
-
Parameter Alias Optional Value Description --input -i false
string
|strings
Absolute paths of folders/files to backup,
paths start with*
will not be encrypted or packed--output -o false
string
|strings
Absolute paths of folders to store backup files --watch -w true
number
|null
Enable watch mode. Default check interval is 60
--ignore -I true
string
|strings
Add ignore rules with regex --save-password -s true
boolean
Save password to the system. Default is true
-
Backup one directory to another in watch mode (check every 120 secs) and disable save password:
safe-backup -i "C:\Users\Bob\Pictures" -o "D:\Backup" -w 120 -s false
Mutiple input & output:
safe-backup -i "C:\Users\Bob\Pictures" "C:\Users\Bob\Videos" -o "D:\Backup" "F:\Backup"
Backup without encryption or packing:
safe-backup -i "*C:\Users\Bob\Pictures" -o "D:\Backup"
Path contains spaces:
safe-backup -i "C:\Users\Bob\Hello World.txt" -o "D:\Backup Destination"
Exclude path with regular expression:
safe-backup -i "C:\Users\Bob\Pictures" -o "D:\Backup" -I "/^2018-/" "/.+\.tif$/i"
If --password
is not specified, it will prompt for password (which is recommended, you should never use password in command line).
-
Parameter Alias Optional Value Description --decrypt -d false
string
|strings
Paths of encrypted files to decrypt --password -p true
string
Password for decryption (not recommended) -
Decrypt a previous encrypted file:
safe-backup -d "D:\Backup\C-Users-Bob-Pictures"
Decrypt mutiple encrypted files:
safe-backup -d "D:\Backup\C-Users-Bob-Pictures" "C:\Users\Bob\Videos"
Decrypt a previous encrypted file with password in command line (not recommended):
safe-backup -d "D:\Backup\C-Users-Bob-Pictures" -p "123"
-
Parameter Alias Value Description --help -h null
Print out usage guide in command line --version -v null
Show version --config -c null
Show current configuration --build-config -b null
Start config builder --reset-config n/a
null
Delete configuration file --reset-key n/a
null
Delete both public & private key --log -l null
Show location of log files --export-config n/a
null
|string
Export current configuration --import-config n/a
string
Import previously generated configuration --export-key n/a
null
|string
Export current key --import-key n/a
string
Import previously generated key --test n/a
null
|number
Run n
times of backup in a row, default is10
-
Export current configuration to current cwd (current working directory):
safe-backup --export-config
Import key from previously generated
key.safe
file:safe-backup --import-key "./keys/key.safe"
Run 10 times of backup for performance testing:
safe-backup --test 10
- v1.4.8
- Return error while file is currently being edited
- v1.4.3
- v1.1.1 release
- v1.4.2
- Add
test
mode to runn
times of backup in a row - Warm up each worker when they were forked, improve first time performance
- Add
- v1.4.1
- Add plain backup (no packing and encryption)
- bua bug fixed
- No longer change mtime & atime of directories
- v1.1 release
- v1.3.18
archive
is now a new module named bua- Restore original stats (mtime, permission, etc.) when unpacking
- NOTICE: Added
mode
to bua header, not compatible with encrypted files generate by previous version
- v1.3.17
- Allow multiple files to decrypt at once
- Remove abs path check on decryption since it's meaningless
- Add backup rate to logging
- v1.3.16
- Add basic documentation
- Print version & github repo at startup
- v1.0.1 release
- v1.3.12
- Encrypt password hash twice
- Little improvements on archive
- Better config builder (add
ignore
&savePassword
) - v1.0 release
- v1.3.7
- Use
node-watch
to add recursive folder watch on Linux - Change logger to colorful-log to prevent ipc problem
- Use
- v1.2.6
- Add update check and notification
- Migrate from
keytar
tofs
for key storage - It is now optional to save password
- v1.2.2
- Fix
bytesLength !== length
- Fix
- v1.2.1
- Migrate from Tar to custom archive format (much faster)
- v1.2.0
- Store key to appdata
- Add export & import key
- Pipe unchanged files to new pack without re-encrypting
- v1.1.4
- Decrypting no longer need original private key
- v1.1.0
- Refactor encrypt system
- Introduce asymmetric cryptography to store password more wisely
- v1.0.8
- Basic functions have initially completed
- v0.1.0-alpha release
- v1.0.0
- Work in progress
- Add cliParams to parse arguments
- Plain backup (no packing and encryption)
- Benchmark
- Allow multiple files to decrypt at once
- Unpacked files to have original stats (mtime, permission, etc.)
- GUI (not very useful to me though)
scrwdrv @ scrwdrv.tech@gmail.com
Distributed under the MIT license. See LICENSE
for more information.
- Fork this repo
- Create your feature branch (
git checkout -b feature/fooBar
) - Commit your changes (
git commit -am 'Add some fooBar'
) - Push to the branch (
git push origin feature/fooBar
) - Create a new Pull Request