Borgmatic Backups for security

"Backups are important for information security. Underestimated, often forgotten, but key to resilience and compliance alike."

- every sane tech expert

Data is more valuable than ever. And hard disks are just consumables.

In the old days (early 2010s), I had setups with Bacula Backup. It worked well, but restore procedures could become quite complicated. Time-consuming. Nasty jobs, which could quickly lead to unpaid overtime.

Having backup data available at an offsite location isn't enough. We also need to test backups. And that's where processes always failed.

This is a problem. Not only for compliance, but also to make sure that we can respond to ransomware incidents where crypto-lockers are used to stop entire companies.

Having backups of systems also means you can negotiate with vendors, rely on defined exit and migration strategies, and exercise cost control.

When we need to streamline backup and restore test scenarios without massive efforts, simple backup solutions win. One such solution is BorgBackup with Borgmatic.

Borgmatic

BorgBackup – Deduplicating archiver with compression and authenticated encryption

Borg is a very Linux-friendly backup solution. It's simple because on Linux we have FUSE (Filesystems in Userspace), the "Everything Is A File" concept, and we can use a robust scripting language for periodic execution.

BorgBackup has:

  • fast compression (LZ4)
  • encryption (AES)
  • integrity checks (Blake2)
  • incremental and deduplicated storage (!)
    • the backup process is chunk-based, which also means that the process doesn't copy the files 1:1 to the disks of the backup runner. It streams the backups. This isn't like rdiff-backup.
  • FUSE support for restore
  • ...

Borgmatic adds support for

  • configuration-driven integration
  • pre-backup scripts (like docker compose down / up)
    • mounts (like sshfs) for remote systems
  • retention policies
  • archive naming structure
  • Hetzner storage boxes
  • ...
Backup of a remote system of docker volumes with sshfs - borgmatic can be used as a central backup console.
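
The setup in the caption above, written out as a borgmatic configuration file. This is an added example, not the author's own config: host names, paths, the storage box account (uXXXXXX), the remote "backup" account and the retention numbers are constructed placeholders. It assumes a borgmatic version that accepts top-level options and the before_backup / after_backup / on_error hooks, and a remote account that may read the Docker volume directory and run docker compose.

```yaml
# Added example; every host, path, account and number below is a placeholder.
source_directories:
    - /mnt/app1-volumes            # sshfs mount point, mounted in before_backup

repositories:
    # Hetzner storage box reached over SSH (port 23); uXXXXXX = your account
    - path: ssh://uXXXXXX@uXXXXXX.your-storagebox.de:23/./borg/app1
      label: storagebox

# Read the repository passphrase from a root-only file instead of storing it here.
encryption_passcommand: cat /root/.borg-passphrase
compression: lz4

# Archive naming structure: one prefix per backed-up system plus a timestamp.
archive_name_format: 'app1-volumes-{now:%Y-%m-%dT%H:%M}'

# Retention policy, applied when borgmatic prunes.
keep_daily: 7
keep_weekly: 4
keep_monthly: 6

# Integrity checks; "frequency" limits how often the expensive checks run.
checks:
    - name: repository
      frequency: 2 weeks
    - name: archives
      frequency: 1 month
check_last: 3

# Stop the containers so volume data is consistent, then mount read-only,
# so the backup console cannot modify the remote system's data.
before_backup:
    - ssh backup@app1.example.internal 'docker compose -f /srv/app1/compose.yml down'
    - sshfs -o ro,reconnect backup@app1.example.internal:/var/lib/docker/volumes /mnt/app1-volumes

# Runs only after a successful backup.
after_backup:
    - fusermount -u /mnt/app1-volumes
    - ssh backup@app1.example.internal 'docker compose -f /srv/app1/compose.yml up -d'

# Runs when a step fails: without this the containers would stay down.
on_error:
    - fusermount -u /mnt/app1-volumes || true
    - ssh backup@app1.example.internal 'docker compose -f /srv/app1/compose.yml up -d'
```

Check the file against the installed version with `borgmatic config validate` before the first run, since hook option names differ between borgmatic releases.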

A 5 TB storage box at Hetzner costs 12,99 € (Oct 2025).

You can't tell me that companies cannot afford backups. I prioritize this over EDR / XDR / Endpoint Protection / Proxies etc.

With Borgmatic you can take care of backing up:

  • (remote) Elastic incl. vectorized data (expensive to make) (in Docker)
  • (remote) MySQL, PostgreSQL (in Docker)
  • (remote) Redis (if needed, because it's not always persistent)
  • SaaS tenants (with scripts)

For service systems like AWS S3 or Microsoft OneDrive I prefer rclone mounts.

Rclone
Rclone syncs your files to cloud storage: Google Drive, S3, Swift, Dropbox, Google Cloud Storage, Azure, Box and many more.
  • rclone can mount volumes, encrypt data, and compress it.
  • I am not sure if you need to back up service data systems incrementally, but you could use borgmatic with rclone.

Summary: Always have an exit strategy; always be able to make your own decisions. Always back up. Keep it simple, but keep it.
