Using rclone to backup to B2: backup-dir vs B2's lifecycles

This is not asking for rclone help as I know how to do what I want. I am just thinking through my options.

I am setting up a new server and I want to backup the entire thing to B2. I see two approaches:

  1. Use --backup-dir with dated directories
  2. Use B2's Lifecycle rules to keep revisions

There are pros and cons to both. I am kind of just thinking "out-loud" and want to see if I am missing anything.

Backup Dir:

  • Pros: Backend-agnostic. Same procedure I use elsewhere. Easy to mount and see the backups. Better for moved files if I choose to track them. More easy to prune. Can use filename encryption if desired
  • Cons: Requires extra API calls. Requires an API key that allows deletion

And for Life Cycle rules, it is basically the opposite:

  • Pros: Can have an API key that disallows deletion. Fewer API calls
  • Cons: Cannot use filename encryption, Harder to browse and decipher. Specific to B2 and therefore also harder to migrate

Am I missing other pros and cons? I don't really mind the API calls of --backup-dir. I also do plan to do crypt but I can forgo name encryption.

Really, the biggest benefit to using the Life Cycle is that if there is a server intrusion, even if my config is compromised, a bad actor can't delete my backups (if they are on my system, it doesn't matter that they can decrypt my backup).

Any other thoughts?


1 Like

Bump and following...

I never got an answer but what I eventually chose was backup-dir and a 2 day retention. Just in case I mess something up! Still no protection from a force delete (at least I don’t think) but I’m more worried about my own mistakes than malicious actors.

not sure that is true, not sure at all...

if that bad actor has the rclone config file, they can delete all the b2 files, including older versions.
perhaps b2 has additional protections that can be enabled, such as MFA before deleting versions.
or using service files or a locked down b2 user with limited permissions, for the rclone config, can keep you safe.

I agree! I never looked into if there is an API restriction against the hard delete vs regular. But if there is, then I think I’m okay.