Logo
Deploy Now

Stars

13673

Forks

686

Watchers

56

Developer links

Kopia

Engineers who have outgrown Duplicati or rsync scripts tend to appreciate Kopia's design: encrypted, compressed, content-deduplicated snapshots in Go, stored in a repository on any storage you control - S3, Google Cloud Storage, Azure Blob, Backblaze B2, SFTP, WebDAV, or a plain filesystem. Encryption is mandatory and end-to-end: every block is encrypted client-side with AES-256-GCM or ChaCha20-Poly1305 using keys derived from your repository password, and even file names never leave the machine in plaintext. Blocks are packed into 20-40 MB blobs with random names, so the storage provider learns nothing about content or structure. Deduplication is automatic and content-based - identical data across files, snapshots, and even multiple machines backing up to the same repository is stored once. Policies govern everything per-directory: compression choice, retention (hourly through annual), scheduling, and ignore rules. Incremental snapshots are point-in-time records you can mount and browse like a filesystem. This deployment runs the Kopia repository server with its web UI, centralizing backups from multiple client machines over an authenticated API - each client connects with the server URL and certificate fingerprint, and users only see their own snapshots. Error correction, high-latency-tolerant caching, and both CLI and GUI round it out.

Kopia

Benefits

  • Zero-Knowledge Storage
  • Everything is encrypted before upload - content, names, structure. Your storage provider holds only random-named blobs.
  • Dedup Across Machines
  • Multiple computers backing up to one repository store shared data once - OS files, media, and repos don't multiply.
  • Storage Freedom
  • Kopia is decoupled from storage: S3, GCS, Azure, B2, SFTP, WebDAV, or local disk - switch or combine at will.
  • Central Control
  • The repository server gives every machine an authenticated endpoint and policy management from one web UI.

Features

  • Mandatory E2E Encryption
  • AES-256-GCM or ChaCha20-Poly1305 client-side; unencrypted backups are not possible.
  • Content-Based Deduplication
  • Automatic block-level dedup across files, snapshots, and machines - no configuration needed.
  • Policy Engine
  • Per-directory rules for compression, retention (hourly to annual), scheduling, and ignores.
  • Snapshot Mounting
  • Mount any point-in-time snapshot as a filesystem and browse or restore individual files.
  • Repository Server Mode
  • Centralized multi-client backups over an authenticated API with per-user snapshot isolation.
  • CLI and Web GUI
  • Full-featured command line for automation plus a browser UI for policies, snapshots, and restores.