A real-time backup CLI tool written in Typescript. Safe Backup helps you sync file/folder into a single password encrypted storage. Using technology of RSA & AES.
Backup your sensitive files in the safest way possible
AES-256-CTRfor encryption, and
RSA-4096for storing cipher key
- Password is salted and hashed, never store/use a plain password
- No way to decrypt in hundreds of years without having the exact password
- Even hacker somehow obtained
key.safefile with password hash inside (set
falsethen no one can ever crack it), there is no way to crack it without knowing the source code
Easy & powerful at the same time
- Support both file and folder
- Exclude files and folders with regular expression
- Real-time monitoring files changes and synchronize modified ones
- Pack complicate directories into a single file, easier to transport
- Cross platform friendly, tested on Linux, Windows & MacOS
- Original config & key pair is NOT needed for decryption, unpack & decrypt your files on any devices
- Config builder to spare you from annoying parameters
Highly optimized on speed
- Created a whole new archive format just for performance
- Pipe unchanged files directly without re-encrypting when
savePasswordis set to
- Runs in cluster, unleash the full power of multi-core processor
- 20% ~ 45% faster when dealing with multiple inputs
Table of Contents
npm (node package manager)Install from
You can skip this section to Install Safe Backup if you're quite familiar with Node.
- ### Requirements
- Node.js v11.6.0+
- npm (included by Node.js nowadays)
- nvm (optional)
### Install Node.js LTS
#### Already installed node/nvm
If you have installed Node.js before, you can use
node -vto check the version you have installed, if is outdated:nvm list# 12.10.0# * 8.9.4# 8.2.1nvm use 12.10.0
If you don't have v11.6.0+ installed on nvm:nvm install --ltsnvm use --lts
#### Start from scratch
For those who have never deal with Node.js before, it is recommended to use nvm (node version manager) so you can have multiple versions of Node and switch to another version as you like. It's available on both Linux & Windows.
For Linux (Ubuntu, Debian, RedHat, etc.)
Install cURL to download installation script
sudo apt update sudo apt install curl
Install nvm & node (default is LTS)curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh | bashnvm install nodenode -v# 12.14.1
If you ran into some errors like
Command 'node' not found, ..., try to reload your path variable:source ~/.bashrc
After you have installed nvm and added to $PATH (which should be done automatically, restart terminal might be required):nvm install nodenode -v# 12.14.1
### Install Safe Backup Install safe-backup globally is recommended, so you can use it directly by calling
safe-backupat the terminal.npm i -g safe-backup
Download Prebuilt Binary
This way is recommended for people just want to use it on the fly. Download and execute, that's how simple it is. You don't have to install or build any environment for safe-backup to run, a full Node.js binary based on your operating platform is built-in.
Executable binary is built by pkg, which is a great tool to pack your Node.js app into a single executable and run on devices without Node.js installed.
Currently support Linux, Windows & MacOS, all have been tested. To download latest safe-backup binary and check out release notes, please head to release page.
npm update -g safe-backup
Update safe-backup by
npm update is only available for those who install with npm. For binary users, download new version of binary at release page and replace it manually. You don't need to worry about losing your configuration or have your password reset, those files are saved at different directory based on your OS.
Configuration & Config Builder
#### Config builder
If safe-backup is ran without parameters, it will try to recover configuration from last usage If no previous configuration is found, config builder will help you to build one without having to deal with these annoying parameters!
#### Configuration file
config.jsonwill be generated automatically at system AppData path based on your OS when initialized. So the next time you open safe-backup there is no need to reconfigure the whole thing again.
If you wish to update configuration, all you have to do is use your desired backup parameters in command line again or use config builder and it will overwrite the old configuration. You can even manually edit
config.jsonif you know what you're doing.
Here is an example of how configuration file looks like:
#### Path to
#### Backup options:
Parameter Alias Optional Value Description --input -i
Absolute paths of folders/files to backup,
paths start with
*will not be encrypted or packed
Absolute paths of folders to store backup files --watch -w
Enable watch mode. Default check interval is
Add ignore rules with regex --save-password -s
Save password to the system. Default is
#### Backup examples
Backup one directory to another in watch mode (check every 120 secs) and disable save password:safe-backup -i "C:\Users\Bob\Pictures" -o "D:\Backup" -w 120 -s false
Mutiple input & output:safe-backup -i "C:\Users\Bob\Pictures" "C:\Users\Bob\Videos" -o "D:\Backup" "F:\Backup"
Backup without encryption or packing:safe-backup -i "*C:\Users\Bob\Pictures" -o "D:\Backup"
Path contains spaces:safe-backup -i "C:\Users\Bob\Hello World.txt" -o "D:\Backup Destination"
Exclude path with regular expression:safe-backup -i "C:\Users\Bob\Pictures" -o "D:\Backup" -I "/^2018-/" "/.+\.tif$/i"
Unpack & Decrypt
--password is not specified, it will prompt for password (which is recommended, you should never use password in command line).
#### Decrypt options
Parameter Alias Optional Value Description --decrypt -d
Paths of encrypted files to decrypt --password -p
Password for decryption (not recommended)
#### Decrypt examples
Decrypt a previous encrypted file:safe-backup -d "D:\Backup\C-Users-Bob-Pictures"
Decrypt mutiple encrypted files:safe-backup -d "D:\Backup\C-Users-Bob-Pictures" "C:\Users\Bob\Videos"
Decrypt a previous encrypted file with password in command line (not recommended):safe-backup -d "D:\Backup\C-Users-Bob-Pictures" -p "123"
#### Misc options
Parameter Alias Value Description --help -h
Print out usage guide in command line --version -v
Show version --config -c
Show current configuration --build-config -b
Start config builder --reset-config
Delete configuration file --reset-key
Delete both public & private key --log -l
Show location of log files --export-config
Export current configuration --import-config
Import previously generated configuration --export-key
Export current key --import-key
Import previously generated key --test
ntimes of backup in a row, default is
#### Misc examples
Export current configuration to current cwd (current working directory):safe-backup --export-config
Import key from previously generated
key.safefile:safe-backup --import-key "./keys/key.safe"
Run 10 times of backup for performance testing:safe-backup --test 10
- Return error while file is currently being edited
- v1.1.1 release
testmode to run
ntimes of backup in a row
- Warm up each worker when they were forked, improve first time performance
- Add plain backup (no packing and encryption)
- bua bug fixed
- No longer change mtime & atime of directories
- v1.1 release
archiveis now a new module named bua
- Restore original stats (mtime, permission, etc.) when unpacking
- NOTICE: Added
modeto bua header, not compatible with encrypted files generate by previous version
- Allow multiple files to decrypt at once
- Remove abs path check on decryption since it's meaningless
- Add backup rate to logging
- Add basic documentation
- Print version & github repo at startup
- v1.0.1 release
- Encrypt password hash twice
- Little improvements on archive
- Better config builder (add
- v1.0 release
node-watchto add recursive folder watch on Linux
- Change logger to colorful-log to prevent ipc problem
- Add update check and notification
- Migrate from
fsfor key storage
- It is now optional to save password
bytesLength !== length
- Migrate from Tar to custom archive format (much faster)
- Store key to appdata
- Add export & import key
- Pipe unchanged files to new pack without re-encrypting
- Decrypting no longer need original private key
- Refactor encrypt system
- Introduce asymmetric cryptography to store password more wisely
- Basic functions have initially completed
- v0.1.0-alpha release
- Work in progress
- Add cliParams to parse arguments
- Plain backup (no packing and encryption)
- Allow multiple files to decrypt at once
- Unpacked files to have original stats (mtime, permission, etc.)
- GUI (not very useful to me though)
scrwdrv @ firstname.lastname@example.org
Distributed under the MIT license. See
LICENSE for more information.
- Fork this repo
- Create your feature branch (
git checkout -b feature/fooBar)
- Commit your changes (
git commit -am 'Add some fooBar')
- Push to the branch (
git push origin feature/fooBar)
- Create a new Pull Request