How to create secure and efficient backups with Restic

Restic is a cross-platform, free and open source program written in Go. We can use it to create compressed, encrypted and space efficient backups, since it is smart enough to archive only changed fragments of files. Restic can use many storage services as targets, such as Google Drive or AWS (Amazon Web Services) S3 buckets, but works also locally and over plain SFTP connections.

In this tutorial we learn how to install Restic on the most used Linux distributions, and how to use it to safely create and restore data.

In this tutorial you will learn:

  • How to install Restic on the most used Linux distribution
  • How to initialize and mount a Restic repository
  • How to create a snapshot, list and extract its content
How to create and restore secure and efficient backups on Linux with Restic
How to create secure and efficient backups on Linux with Restic – Original image by ojosujono96 on Freepik
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Distribution agnostic
Software Restic
Other None
Conventions # – requires given linux-commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux-commands to be executed as a regular non-privileged user

Installing Restic

First of all, let’s see how to install Restic on our system. If we are using RHEL (Red Hat Enterprise Linux) or one of its clones, such as Rocky Linux, before we can proceed with the installation, we need to add the EPEL repository to the system software sources. On Rocky, we can do it by simply installing the “epel-release” package:

$ sudo dnf install epel-release

To add EPEL on a RHEL system, instead, we need to download the appropriate version of the epel-release package from the project website. Supposing we are using RHEL 9, for example, we would run:

$ sudo dnf install

If we are running on Fedora, we don’t need to do anything special, since the restic package is available in the official repository. In all those distributions, we can install Restic by running:

$ sudo dnf install restic

Installing Restic on Debian-based distributions, is just a matter of running the following command:

$ sudo apt install restic

As an alternative, cross-distribution method, we can download and install the Restic pre-built binary directly from the project github repository. At the moment of writing, the latest available version is 0.16.2.

Initializing a repository

Restic is able to backup data locally, over SFTP connections, and to several platforms such as AWS or Google Drive. In this tutorial, for the sake of simplicity, we will create a local repository. To create a repository, we use the restic init command, and we provide the path of the target repository as argument to the -r option. In the example below, we create the “restic-repo” repository under the /mnt directory:

$ sudo restic init -r /mnt/restic-repo

Since our data is protected with encryption, we are prompted to provide a password for the repository. Each time we invoke restic, we need to point it to the repository location. This can quickly become annoying. To avoid it, we can simply assign the path of the repository as the value of the RESTIC_REPOSITORY environment variable.

Creating our first backup

Once we initialized our repository, we can create our first snapshot. To create a snapshot we use the backup command. In the most basic case, we just provide the path to the repository and the list of files we want to include in the backup. Supposing we want to archive the entire content of the /etc directory, we would run:

$ sudo restic backup -r /mnt/restic-repo /etc

Instead of passing the list of files directly from the command line, we can write them, one per line, in a file. We then pass the path of the file as argument to the --files-from option. Once the snapshot is created, we will receive a report showing important information such as the number of files and directories included in it:

repository a6797806 opened (version 2, compression level auto)
created new cache in /root/.cache/restic
no parent snapshot found, will read all files

Files: 1477 new, 0 changed, 0 unmodified
Dirs: 427 new, 0 changed, 0 unmodified
Added to the repository: 24.957 MiB (5.953 MiB stored)

processed 1477 files, 23.789 MiB in 0:00

The first snapshot will include all files; subsequent ones will take less time to complete, since they will include only the fragments of files which were actually modified.

Excluding files and directories from a snapshot

In the previous example, we included all the content of the /etc directory in the snapshot. Sometimes, however, we may want to exclude certain files and directories from the backup. We can specify exclusion patterns as the argument of the --exclude option. Suppose, for example, we want to exclude all files with the “.py” extension; here is the command we would run:

$ sudo restic backup -r /mnt/restic-repo /etc --exclude *.py

We can repeat the --exclude option multiple times, so to specify several exclusion patterns. We also have the chance to write all exclusions patterns in a file, one per line, and then pass the path of said file as argument to the --exclude-file option.

Listing the snapshots in a repository

Each time we use restic, a new snapshot is created. To retrieve the list of snapshots in a repository we use the restic snapshots command. To list all the snapshots in the “restic-repo” repository, we would run:

$ sudo restic snapshots -r /mnt/restic-repo

In this case, after providing the repository password, the command produces the following output:

repository a6797806 opened (version 2, compression level auto)
ID Time Host Tags Paths
982dac84 2023-11-23 12:47:53 fingolfin /etc
a91be944 2023-11-24 10:16:50 fingolfin /etc
2 snapshots

The output includes information about each snapshot:

  • ID
  • Creation date
  • Host on which the snapshot was created
  • Tags
  • Included files

The most important information here is the ID, since we use it to reference a snapshot when we want to list or extract its content.

Listing the files in a snapshot

To get a list of the files included in a snapshot, we use the restic ls command, passing the ID of the snapshot as argument. Say we want to check the content of the first snapshot we created (a91be944). We would run:

$ sudo restic ls -r /mnt/restic-repo a91be944

We can also decide to retrieve the content of one or more specific directories included in the snapshot. To list only the files included in the /etc/xdg directory, for example, we would run:

$ sudo restic ls -r /mnt/restic-repo a91be944 /etc/xdg

Mounting a repository

To inspect the content of a repository we can mount it using the restic mount command. We just need to specify the directory we want to use as mountpoint. Supposing we want to mount the repository on the /media directory, we would run:

$ sudo restic mount -r /mnt/restic-repo /media

Once a repository is mounted, all snapshots contained in it can be found under the “snapshots” directory (/media/snapshots in this case):

$ ls -l /media/snapshots
total 1
dr-xr-xr-x. 2 root root 0 Nov 23 12:47 2023-11-23T12:47:53+01:00
dr-xr-xr-x. 2 root root 0 Nov 24 10:16 2023-11-24T10:16:50+01:00
lrwxrwxrwx. 1 root root 25 Nov 24 10:16 latest -> 2023-11-24T10:16:50+01:00

Each directory contains the whole file tree, “latest” being just a symbolic link to the latest snapshot:

$ sudo tree /media/snapshots -L 2
├── 2023-11-23T12:47:53+01:00
│   └── etc
├── 2023-11-24T10:16:50+01:00
│   └── etc
└── latest -> 2023-11-24T10:16:50+01:00

Restoring data

The most important part of a backup is the ability to easily restore data contained in it. When using restic, to restore data from a snapshot we use the restore command. We pass the ID of the snapshot we want to restore as argument, and pass the directory we want to extract the backup to, as argument of the --target option:

$ sudo restic restore -r /mnt/restic-repo latest --target=/

We can decide to restore the entire content of a snapshot, as we did above, or only parts of it. To extract only a subfolder from a snapshot, say for example /etc/xdg, we can use the following syntax:

$ sudo restic restore -r /mnt/restic-repo latest:/etc/xdg --target=/

Notice that when a directory is specified as we did above, only its content is extracted, not the directory itself.  We can also specify which files should be restored, by using the  --include and --exclude options, or their case-insensitive equivalents: --iinclude and --iexclude. To extract only files with the “.conf” extension, for example, we would run:

$ sudo restic restore -r /mnt/restic-repo latest --include=*.conf --target=/


In this tutorial, we learned how to backup and restore data with Restic. Restic works similarly to Borg: it produces compressed, encrypted and space-efficient deduplicated snapshots. Here we saw how to initialize and mount a repository and how to list and restore the content of Restic snapshots. For obvious reasons, in this article we covered only Restic basic concepts; to know more about this wonderful program, please take a look at its man page or visit the project official website!


Comments and Discussions
Linux Forum