tarsnap

Create secure, deduplicated, online backups

TLDR

[c]reate a backup archive of one or more files or directories, specifying the cryptographic key and the cache directory

$ tarsnap -c --keyfile [path/to/key_file] --cachedir [path/to/cache_directory] -f [archive_name] [path/to/file_or_directory1 path/to/file_or_directory2 ...]

Display how much data would be uploaded
$ tarsnap -c --dry-run --print-stats --keyfile [path/to/key_file] --cachedir [path/to/cache_directory] -f [archive_name] [path/to/file_or_directory1 path/to/file_or_directory2 ...]

List stored archives
$ tarsnap --list-archives --keyfile [path/to/key_file]

[d]elete a specific archive
$ tarsnap -d --keyfile [path/to/key_file] --cachedir [path/to/cache_directory] -f [archive_name]

Lis[t] the contents of a specific archive in [v]erbose mode
$ tarsnap -tv --keyfile [path/to/key_file] -f [archive_name]

Restore one or more files or directories from a specific archive
$ tarsnap -x --keyfile [path/to/key_file] -f [archive_name] [path/to/file_or_directory1 path/to/file_or_directory2 ...]

Copy an archive
$ tarsnap -c --keyfile [path/to/key_file] -f [new_archive_name] @@[source_archive_name]

SYNOPSIS

tarsnap [OPTIONS] -c -f archive_name [FILE...]
tarsnap [OPTIONS] -x -f archive_name [FILE...]
tarsnap [OPTIONS] -t -f archive_name
tarsnap [OPTIONS] --list-archives
tarsnap [OPTIONS] --fsck
tarsnap [OPTIONS] --prune

PARAMETERS

-c, --create
    Create a new archive.

-f archive_name, --file=archive_name
    Specify the name of the archive to operate on.

-x, --extract
    Extract files from an archive.

-t, --list
    List the contents of an archive.

-v, --verbose
    Display verbose output during operation.

--keyfile keyfile
    Specify the path to the Tarsnap key file.

--list-archives
    List all archives stored in your Tarsnap account.

--prune
    Delete old archives based on a specified pruning policy.

--dry-run
    Simulate an operation without making any changes.

--exclude=pattern
    Exclude files matching the specified pattern from the archive.

--include=pattern
    Include files matching the pattern, overriding exclusions.

-Z, --lzma
    Use LZMA compression (default and recommended for new archives).

-z, --gzip
    Use gzip compression.

-j, --bzip2
    Use bzip2 compression.

--no-compression
    Disable compression for the archive.

--print-stats
    Print statistics about data transfer and storage costs.

--fsck
    Perform an integrity check on the archive metadata or blocks.

--config-file=file
    Specify an alternative Tarsnap configuration file.

DESCRIPTION

Tarsnap is a highly secure, efficient, and cost-effective online backup service for various Unix-like operating systems, including FreeBSD, Linux, and OS X.

It was developed by Colin Percival, renowned for creating the scrypt key derivation function. Tarsnap operates via a command-line interface, mirroring the functionality of the standard Unix tar utility, making it familiar to system administrators.

Its core strengths lie in its robust security model, featuring client-side encryption (AES-256) and data integrity verification (SHA256), ensuring that all data is encrypted before leaving your machine and only you hold the decryption key.

Efficiency is achieved through block-level data deduplication across all archives within an account, compression (LZMA, bzip2, gzip), and delta encoding, which significantly reduces storage space and bandwidth usage. Users pay only for the storage consumed and bandwidth transferred, making it a cost-effective solution for incremental backups.

CAVEATS

Tarsnap requires a paid account and pre-purchased credits to operate.

The encryption key file is paramount; losing it means permanent loss of access to your backed-up data, as Tarsnap Inc. does not hold your decryption key.

While highly efficient, initial large backups can be time-consuming due to the client-side encryption and deduplication processes.

All operations are strictly command-line based; there is no official graphical user interface.
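
The key-file caveat above, as an added example (not part of the original page or of tarsnap itself): a shell wrapper that refuses to run unless the key file is a regular, non-empty file with no group or other permission bits, then performs the dry run before the real backup. The function names and the TARSNAP override variable are assumptions; the tarsnap flags are the ones shown in the TLDR section.

```shell
#!/bin/sh
# Added example; keyfile_ok, backup and the TARSNAP variable are hypothetical names.

# Succeed only if the key file is a regular, non-empty file (not a symlink)
# with no permission bits set for group or other, e.g. mode 0600 or 0400.
keyfile_ok() {
    key=$1
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "key file missing or not a regular file: $key" >&2; return 1
    fi
    [ -s "$key" ] || { echo "key file is empty: $key" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "key file is accessible to group/other: $key" >&2; return 1
    }
}

# backup KEYFILE CACHEDIR ARCHIVE_NAME PATH...
# Runs the dry run (upload estimate) first, the real backup only if it succeeds.
# TARSNAP can point at another binary; it defaults to "tarsnap" on PATH.
backup() {
    key=$1; cache=$2; name=$3
    [ "$#" -gt 3 ] || { echo "usage: backup KEY CACHEDIR NAME PATH..." >&2; return 2; }
    shift 3
    keyfile_ok "$key" || return 1
    [ -d "$cache" ] || { echo "cache directory missing: $cache" >&2; return 1; }
    "${TARSNAP:-tarsnap}" -c --dry-run --print-stats \
        --keyfile "$key" --cachedir "$cache" -f "$name" "$@" || return 1
    "${TARSNAP:-tarsnap}" -c \
        --keyfile "$key" --cachedir "$cache" -f "$name" "$@"
}
```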

SECURITY MODEL

Tarsnap employs an 'encrypt-then-deduplicate' model. Data is encrypted using AES-256 before being sent to the server. The encryption key is derived from a user-provided passphrase and is never sent to Tarsnap's servers. Deduplication occurs on the encrypted blocks, meaning the server only sees opaque, encrypted data blocks, preventing any possibility of data leakage or metadata analysis by the service provider. All data integrity is verified using SHA256 hashes.

PRICING STRUCTURE

Tarsnap operates on a 'pay-per-use' model, where users purchase credits upfront. Costs are incurred based on the amount of data stored (per gigabyte-month) and the bandwidth used for uploads and downloads. There are no recurring monthly fees, only charges for actual resource consumption. This model, combined with efficient deduplication, often results in very low costs for users with many incremental backups.

HISTORY

Tarsnap was created by Colin Percival, a well-known security researcher and cryptographer, who also developed the scrypt password-based key derivation function. Its development began as a personal project for his own backup needs, aiming to build a backup system that was truly secure, efficient, and affordable.

The service first became publicly available around 2008, quickly gaining recognition in the Unix community for its strong focus on privacy through client-side encryption and its innovative deduplication technology which minimizes storage costs.

SEE ALSO

tar(1), rsync(1), gpg(1), scp(1)
