duplicity backup - Microsoft Onedrive

This is one post in a series of tutorials on Duplicity. If you are just getting started with duplicity, I recommend to first read the first and second part to get a basic overview of duplicity and get GPG keys setup properly (this will not be covered in this post).
You should also visit the duplicity overview post, which contains a list of all posts in this series.
The basic configuration of this post will be used in this post to configure duplicity-backup.sh.

Microsoft Onedrive

In order to get going with Microsoft Onedrive, we need a Microsoft Account.
The free version offers 5Gb of free storage. Older accounts may have more storage available - more is available for paying customers.

Using the Onedrive backend requires python-requests and python-requests-oauthlib to be installed (as defined on the man page under Requirements).
Let's simply install them on our system.

sudo apt-get install python-requests python-requests-oauthlib

If you skip this step and don't have these packages installed, then the execution will fail with the following message:
BackendException: OneDrive backend requires python-requests and python-requests-oauthlib to be installed. Please install them and try again.

Let's run an initial (manual) test:

duplicity --encrypt-key 3E988E6866B39EE1 --sign-key E24E7891636093DB  /tmp/backupTest/ "onedrive://duplicityTest1/backup"

As this is the first time, we will need to go to the link the program shows to confirm the OAuth request.
onedrive_oauth1

After confirming by clicking on yes, we need to copy/paste the URL we are forwarded to into duplicity which is waiting/asking for it.
Duplicity will now save the oauth-key, so no further actions are required.
Should you ever want to revoke access to your onedrive account, simply go to the apps and services page and remove access to duplicity.

duplicity-backup.sh

Implementing this into the duplicity-backup.sh script is as easy as setting the "DEST=" Variable to "onedrive://duplicityTest1/backup".
The rest of the configuration remains identical to the configuration used in the duplicity-backup.sh post.

DEST="onedrive://duplicityTest1/backup1"

Please note that it is necessary to run the first run manually to get OAUTH setup, otherwise the backup-script will not work as duplicity can only log you in if it is run interactively.

We now run the duplicity-backup.sh script again.

./duplicity-backup.sh --config duplicity-backup.conf --full

If you still have the cronjob scheduled and used the same configuration file, the backup will automatically go to onedrive instead of the sftp server.

Drawbacks

access level to your onedrive Folder

One downside of Onedrive is that currently you need to grant duplicity access to all your files. I don't expect duplicity to exploit this, however, having the possibility to grant a single, dedicated folder like it is possible with Dropbox would be desirable. Especially if you intend to run duplicity on a server - the OAuth key will need to be saved on that server - which could be a potential problem if sensitive files are in Onedrive and your server is be breached. Fixing this should be easy - the new API does support this, but it does not seem to be implemented into the duplicity backend (yet), which is still using the old skydrive API.

Office 365

I also have to say that I did only test onedrive with a personal account, access to a Office 365 Onedrive account may not work (Onedrive personal and Office 365 are called identically, but are 2 separate things when interacting with them on an API level).

FULL DISCLOSURE
If you register with onedrive using the link above, i will get free space added through the referral program. If you want to avoid this, please use this link or type in https://onedrive.com into your browser manually.

Matthias

Read more posts by this author.