Restic is a slim and fast backup-solution tailored for users who prefer automation capabilities over a fancy user interface. It also supports off-site backups out of the box, using standard protocols such as SSH or even S3 compatible memory. Restic considers the storage as not trusted in terms of privacy, so the backup uses strong encryption, which comes in handy when using cloud providers. This article provides a brief instruction on how to use 1und1 IONOS Cloud S3 Object storage as a remote backend.
Although S3 is a standard originally introduced by Amazon for AWS, there are many S3-compabible datastores available, such as Minio as a self-hosted solution, or countless S3-compatible providers, such as 1&1 IONOS Cloud in Germany. Due to an existing customer relation in terms of a hosted Kubernetes cluster, the fact that IONOS is under German legislation and the reasonable pricing, IONOS was a compelling option.
Setting up an S3-Compabible store on IONOS
Create a backup group and user
After logging in with an administrative account at IONOS management console (DCD), perform the following steps:
- Go to Manager (Resources), User Manager
- Create a new user. The user should have the sole purpose of serving as backup account.
- Create a group according to your naming schema, stating that the members are backup users only, i.e. “backup-users-group”
- Grant “Use Object Storage” permissions to the group. No other permissions are required
Create an Access secret and a bucket
- Login as the backup user
- Configure 2-factor authentication (recommended)
- Go to Resources/Object Storage Keys Manager and create a new key. Copy key and secret key to your preferred key management solution.
- Go to object storage manager and create a new bucket.
Set up a restic repository
Using the correct URLs and keys, the Restic repository initializion is performed the same way as on Amazon S3.
Restics S3 backend expects the AWS credentials to be present in the environment variables AWS_ACCESS_KEY_ID and AWS_ACCESS_KEY_SECRET.
export AWS_ACCESS_KEY_ID="<your key>" export AWS_SECRET_ACCESS_KEY="<your secret>"
Then, initialize the repository. Assuming you chose the Germany (de) region for the Object storage, the restic command is:
restic -r s3:s3-de-central.profitbricks.com/<your object storage bucket name> init
Done. Using the -r repository expression, the repository can be interacted with as usual.