Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time
May 26, 2015
May 26, 2015
May 26, 2015
May 26, 2015
May 26, 2015
May 26, 2015


Kebab is a backup tool that prioritizes confidentiality, integrity, and availability above all else. Kebab creates full backups of your files that are compressed and encrypted and then stored on Amazon S3 or in another directory. To reduce the likelihood of bugs, Kebab is a small amount of code, forgoing features like deduplication and incremental backups. Kebab features:

  • Tiny codebase. Kebab is less than 2000 lines of code. This makes Kebab easier to audit which reduces the likelihood of bugs.

  • Modern cryptography. Kebab uses NaCl's secretbox primitive to encrypt and authenticate your backups. It also uses scrypt to hash your keyfile passphrase.

  • Key availability. The availability of your backups is limited by the availability of your decryption key. Kebab keys are encrypted with a passphrase and easy to write down, making it painless to create physical backups of your key.

  • Fast restoration. Kebab creates full backups of your files. Compared to other backup strategies, full backups are slow to create but fast and simple to restore.

  • Bucket control. Kebab stores data on Amazon S3 using your own account, so you have full control of the underlying bucket. This allows you to store your backups on Amazon Glacier to reduce storage costs. Kebab also supports storing backups in a directory.

  • Free software. Kebab is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.


Kebab is not space efficient since every backup is a full backup. To reduce complexity and code size, Kebab does not provide features like deduplication or incremental backups. However, Kebab does compress your data using tar/gzip.

Kebab is still useful if you do not have a lot of data, or you have a lot of bandwidth, or you organize your data so that it is easy to backup only what changes (for example, a maildir with a separate directory for each month of mail).

Another limitation of Kebab is that it calls out to tar and gzip, which are relatively large pieces of software. In the future, Kebab may switch to using the archive/tar and compress/gzip packages instead.

Getting Started

  1. Create an Amazon S3 bucket to store your backups and a JSON file that identifies this bucket:

     $ cat s3bucket.json
         "Service": {
  2. Install Kebab:

     $ export GOPATH=...
     $ go get
  3. Run tests:

     $ go test -v -s3 s3bucket.json
     $ go test -v
  4. Create a key file with a strong passphrase that you can memorize:

     $ kebab -keygen -key kebab.key
     Passphrase: ...
  5. With a pen and paper, make physical copies of your key file and store them somewhere safe:

     $ cat kebab.key
     wab77 b8fxk waqkz
     q0j9e 8jxqx vcc94
     64bb5 egb1d rpggb
     dbg4v 86ygw f4fzg
  6. Create some backups:

     $ kebab -bucket s3bucket.json -key kebab.key -put email-$(date "+%Y-%m-%d") email \
     -putfrom docs-$(date "+%Y-%m-%d") ~/sensitive docs
  7. Restore backups:

     $ kebab -bucket s3bucket.json -key kebab.key -get email-2015-03-14 -get ...


Kebab Copyright (C) 2015 David Lazar


secure backup tool (not maintained)







No releases published


No packages published