kopia

Fast, encrypted, deduplicated backups to any cloud or local storage with full client-side control.

13.6Kstars
675forks
Apache License 2.0
Go

Kopia is an open-source backup tool that creates encrypted, compressed, and deduplicated snapshots of files and directories, storing them on any cloud or local storage of your choice. Rather than imaging entire disks, Kopia lets you selectively protect the files and directories that matter most, applying client-side end-to-end AES-256 encryption so that no storage provider — not even Kopia’s own servers — can access your data.

Built in Go and available for Windows, macOS, and Linux, Kopia supports a wide range of storage backends including Amazon S3, Azure Blob Storage, Google Cloud Storage, Backblaze B2, WebDAV, SFTP, and Rclone-compatible services such as Dropbox, OneDrive, and Google Drive. It offers both a powerful CLI for scripting and automation and a native desktop GUI for visual snapshot management, making it accessible to power users and casual users alike.

At its core, Kopia’s repository format combines content-addressed deduplication, Reed-Solomon error correction, and pluggable compression (LZ4, Zstandard) into a single verifiable archive. A dedicated Kopia Repository Server mode allows multiple machines to share a single encrypted repository, enabling centralized backup management for small teams and homelabs without requiring third-party services.

What You Get

  • Client-side end-to-end encryption - All data is encrypted on your machine using AES-256-GCM with user-controlled keys before upload; the storage provider never sees plaintext data.
  • Block-level data deduplication - Only unique data blocks are stored across snapshots, dramatically reducing storage consumption for repetitive data like VM images or versioned codebases.
  • Pluggable compression - Files are compressed with LZ4 or Zstandard before encryption, reducing storage footprint and bandwidth usage for compressible data.
  • Wide storage backend support - Back up to Amazon S3, Azure Blob, Google Cloud Storage, Backblaze B2, WebDAV, SFTP, or any Rclone-compatible service including Dropbox, OneDrive, and Google Drive.
  • Reed-Solomon error correction - Optional ECC layer detects and repairs corrupted or missing data blocks within the backup repository without requiring a full re-upload.
  • Kopia Repository Server - Run a centralized backup server that multiple machines can connect to, enabling team-wide backup management without individual cloud subscriptions.
  • CLI and native GUI - Full-featured command-line interface for automation and scripting, plus a cross-platform desktop GUI for visual snapshot browsing and restore operations.

Common Use Cases

  • Backing up home directories across multiple devices - A user connects their macOS, Windows, and Linux machines to a single Google Cloud Storage bucket, benefiting from cross-device deduplication so shared files are stored only once.
  • Homelab centralized backup server - A sysadmin runs Kopia Repository Server on a NAS to collect encrypted snapshots from 10 machines on the local network without paying for a third-party backup SaaS.
  • Archiving large media libraries to object storage - A photographer uses Kopia with Backblaze B2 to store multi-terabyte raw photo archives; block deduplication eliminates redundant storage across similar RAW files from the same session.
  • Automated database and config backups in DevOps - A developer integrates Kopia CLI into a CI/CD post-deployment hook to snapshot database dumps and configuration files to S3, with retention policies pruning old snapshots automatically.
  • Air-gapped or offline backups to local NAS - A security-conscious user configures Kopia to write encrypted repositories to a local network share with no cloud involvement, maintaining full offline data sovereignty.

Under The Hood

Architecture Kopia implements a clean layered architecture where each concern is fully encapsulated behind interfaces. The CLI layer delegates to a high-level snapshot orchestration layer, which coordinates with the repository engine — itself split into an object manager for arbitrary-size addressable objects, a content manager for deduplicated blocks, and a blob layer that abstracts all raw storage provider I/O. Each cloud storage backend (S3, Azure, GCS, B2, filesystem, SFTP, Rclone) plugs into the blob interface without touching any higher-level logic. Forward-compatibility is enforced at the repository level through a feature-flag gating mechanism: repositories declare which capabilities they require, and clients refuse to open repositories with unsupported feature requirements, enabling safe rolling upgrades in multi-client environments.

Tech Stack Kopia is implemented entirely in Go (1.25+), using the standard library for concurrency primitives, cryptography (AES-GCM), and I/O. Cloud storage integrations use official SDKs — the Azure SDK for Go, the Google Cloud Storage client library, and minio-go for S3-compatible endpoints. CLI argument parsing uses the kingpin v2 framework. The GUI is a separate Electron-based application with end-to-end testing driven by Chromedp. Build and release pipelines run on GitHub Actions using GoReleaser to produce signed cross-platform binaries for amd64 and arm64. OpenTelemetry tracing is threaded through the snapshot upload path for observability in production environments.

Code Quality The repository contains an extensive suite of test files covering unit, integration, stress, endurance, and end-to-end scenarios, with dedicated test packages and reusable test utilities for each concern. Error handling is explicit throughout — errors are returned as typed values, wrapped with stack traces via pkg/errors, and each package defines its own sentinel error values. CI pipelines enforce race detection, code coverage thresholds, license compliance, and static analysis via golangci-lint v2 with over 30 active linters including noctx, wsl_v5, gofumpt, and modernize checks. The codebase actively refactors toward idiomatic Go patterns with each release.

What Makes It Unique Kopia’s defining technical achievement is unifying client-side content-addressed deduplication, AES-GCM encryption, and Reed-Solomon error correction into a single, self-describing versioned repository format that any blob storage backend can host without modification. Its epoch-based index management system enables efficient incremental index compaction without full repository scans, making maintenance operations fast even at large scales. The workshare concurrency primitive in the upload path provides dynamic parallelism that scales with available CPU and I/O without goroutine explosion. These design choices together make Kopia a verifiable, storage-agnostic backup system with no dependency on proprietary formats or centralized key management.

Self-Hosting

Kopia is released under the Apache License 2.0, a permissive open-source license that allows commercial use, modification, distribution, and sublicensing without restriction. There are no copyleft implications for self-hosters — you can integrate Kopia into commercial workflows or redistribute it as part of a product without publishing your own source code. The license does require preservation of copyright and license notices in any distribution.

Running Kopia yourself is operationally straightforward compared to most backup tools: there is no required server component unless you choose to use the Kopia Repository Server for centralized multi-machine management. For individual or small-team use, Kopia writes directly to your chosen storage backend (S3, Azure, local NAS, etc.), so infrastructure requirements are minimal. You are responsible for provisioning and paying for storage, scheduling backups (via cron or the GUI scheduler), managing retention policies, and monitoring for backup failures. Repository maintenance runs automatically in the background, but you should periodically verify repository integrity using kopia repository verify. Upgrades are self-managed and forward-compatibility is carefully maintained across releases.

There is no official managed or SaaS tier for Kopia — the project is purely community-driven and self-hosted. This means there are no enterprise support contracts, managed upgrade pipelines, or hosted dashboards. Compared to managed backup services like Backblaze Personal Backup or commercial solutions like Veeam, you give up centralized monitoring, guaranteed SLAs, and professional support in exchange for full data sovereignty and no recurring software costs. The active community forum and GitHub issue tracker are the primary support channels. For teams that need more operational assurance, pairing Kopia with external monitoring (e.g., Healthchecks.io for missed backup alerts) and a documented runbook is the recommended approach.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search