Multisite backup to single s3 bucket

Hi,

First of all thanks for developing such a fantastic product.

We are planning to roll out Duplicati on a few workstations (50-100) and want to store their backups in a single S3 bucket, but without exposing each other’s data, and we also don’t want to store S3 access keys on every workstation for security reasons.

Is there any way I can achieve that?

Thanks

Hello and welcome!

You can target a single S3 bucket as long as each backup on each computer uses a unique subfolder.

Storing credentials for S3 in the workstation cannot be avoided. What exactly is the concern? If it’s a worry about one computer possibly accessing another computer’s backups, I can think of a couple ways to mitigate that:

  1. I believe you could set up a separate IAM account for each workstation. The S3 bucket policy could be configured to allow each workstation’s IAM account access to only its own subfolder in the S3 bucket.

  2. Use a unique encryption key on each workstation. The other workstations would have access to the other backup files but would not be able to decrypt/restore data.

#2 alone is not that great because another computer could still damage the backup data for another computer by deleting the files. The ideal solution is probably doing both #1 and #2. You’d have to carefully track the encryption keys if you use #2 of course. The IAM access keys could be regenerated if they are lost, but if you lose the Duplicati encryption keys you are toast.
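Option #1 sketched as an added example (not part of the original post and not Duplicati's own code): a per-workstation policy generator plus a simplified allow-check that shows the prefix isolation. It is written as an identity policy attached to each workstation's IAM user rather than as a bucket policy, and the bucket name, workstation ids, object keys and the `workstation_policy`/`allows` helpers are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-backup-bucket"  # constructed placeholder name

def workstation_policy(bucket, ws_id):
    """Identity policy for one workstation's IAM user, scoped to '<ws_id>/'."""
    if not ws_id or any(c in ws_id for c in "/*?"):
        raise ValueError("workstation id must not contain '/', '*' or '?'")
    prefix = f"{ws_id}/"  # trailing slash keeps 'ws-1' from matching 'ws-10/...'
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # listing is a bucket-level action, so it is narrowed by condition
                "Sid": "ListOwnPrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {   # object actions are narrowed by the resource ARN itself
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }

def allows(policy, action, bucket, key=None, list_prefix=None):
    """Simplified check (not the full IAM evaluation logic): does any Allow match?"""
    arn = f"arn:aws:s3:::{bucket}" + (f"/{key}" if key is not None else "")
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] != "Allow" or action not in actions:
            continue
        if not fnmatchcase(arn, st["Resource"]):
            continue
        patterns = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if patterns and not any(fnmatchcase(list_prefix or "", p) for p in patterns):
            continue
        return True
    return False

if __name__ == "__main__":
    print(json.dumps(workstation_policy(BUCKET, "ws-1"), indent=2))
```

The trailing slash in the prefix is the detail that matters most: without it, the policy for `ws-1` would also match objects under `ws-10/`.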

Hi,
Thanks for the quick response.

Can we not avoid S3 credentials by using presigned URLs? The workstation would send the unique id and in return get a presigned URL for its S3 bucket+path.

This should avoid the need for both credentials at the workstation and also would have a separate folder/path on the same bucket.

We can also turn off the backup for a host remotely then.

Also if we disable encryption then the remote backup can be accessed by admin for any investigation or other process.

Thoughts/comments on this approach?

I am not familiar with this feature. I’m not sure how it would be more secure than credentials though. If someone got access to the special URL, they’d have access to the files right?

I don’t recall seeing anyone discuss that before on the forum and I don’t know if Duplicati supports it.

You can do that with IAM credentials too, assuming you are using unique creds for each workstation.

If you are managing these backups, then you’d have the unique encryption keys each computer is using right? As long as you have that you could access the backup data.

Turning off encryption for cloud storage feels wrong to me, but if you ensure only the intended user can access their files and won’t have access to any other data then I guess it might be acceptable. Your call of course!

This.

You are responsible for the confidentiality of the content you upload to the cloud. Neither Amazon nor any other provider can assure you that your information will not be disclosed. Duplicati stores keys in plain text on the origin system which kinda sux but it’s still infinitely better than expecting cloud providers to do this for you.

Only encryption keys under your control can be considered useful for confidentiality.

TL;DR: Encrypt all your Duplicati backups. If a given backup seems like it’s not worth encrypting, encrypt it anyway.

2 Likes