Automated 7zip/encrypted backups to the cloud

[ComputerGuy2006]

I have a cron job that runs once a week (Sunday) that archive the entire directory:

7z a  -t7z -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on -pThePassword  -mhe=on  /home/mybackups/$(date +%Y-%V)/$(date +%Y-%V).7z /var/www/html

I then have another cron job that runs every day expect for Sunday:

7z u /home/mybackups/$(date +%Y-%V)/$(date +%Y-%V).7z  /var/www/html  -t7z -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on -pThePassword  -u- -up0q3r2x2y2z0w2!/home/mybackups/$(date +%Y-%V)/$(date +%Y-%V-%d).7z

This means once a week I get a full backup, then every other day for that week I get an incremental backup based on the original weekly backup. I got two questions:

1# Assuming my password is secure, I assume this method of encryption is more then secure enough to put on an encrypted amazon s3 bucket for 'cloud' backups? <- my concern is mainly using the same password over and over.

2# My incremental backups are created everyday, even when there are no changes detected. Any easy/simple way to detect this?

 

[sourceninja]

I don't know I would take this approach unless you need the compression or the security of https in transit (I don't think 7zip backups protect owners and permissions like tar does). I would instead make a S3 bucket and either use AWS provided encryption keys or bring your own encryption keys. Bringing your own keys adds some mild complexity but if you don't trust Amazon to manage your keys it gives you piece of mind. Next I'd just make my cron run "aws s3 sync bucketname" for the directory and sync it directly with S3. Finally I'd turn on s3 versioning and life cycle rules to move older files to cheaper storage over time.

If you are even more worried you could use the aws encryption cli to encrypt the files locally before you send them up with sync (or any other client side encryption tool)