{
    "mode": "man",
    "parameter": "DUPLICITY",
    "section": "1",
    "url": "https://www.chedong.com/phpMan.php/man/DUPLICITY/1/json",
    "generated": "2026-06-17T20:55:48Z",
    "synopsis": "For detailed descriptions for each command see chapter ACTIONS.\nduplicity [full|incremental] [options] sourcedirectory targeturl\nduplicity verify [options] [--compare-data] [--file-to-restore <relpath>] [--time time]\nsourceurl targetdirectory\nduplicity collection-status [options] [--file-changed <relpath>] targeturl\nduplicity list-current-files [options] [--time time] targeturl\nduplicity [restore] [options] [--file-to-restore <relpath>] [--time time] sourceurl\ntargetdirectory\nduplicity remove-older-than <time> [options] [--force] targeturl\nduplicity remove-all-but-n-full <count> [options] [--force] targeturl\nduplicity remove-all-inc-of-but-n-full <count> [options] [--force] targeturl\nduplicity cleanup [options] [--force] targeturl\nduplicity replicate [options] [--time time] sourceurl targeturl",
    "sections": {
        "NAME": {
            "content": "duplicity - Encrypted incremental backup to local or remote storage.\n\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "For detailed descriptions for each command see chapter ACTIONS.\n\nduplicity [full|incremental] [options] sourcedirectory targeturl\n\nduplicity verify [options] [--compare-data] [--file-to-restore <relpath>] [--time time]\nsourceurl targetdirectory\n\nduplicity collection-status [options] [--file-changed <relpath>] targeturl\n\nduplicity list-current-files [options] [--time time] targeturl\n\nduplicity [restore] [options] [--file-to-restore <relpath>] [--time time] sourceurl\ntargetdirectory\n\nduplicity remove-older-than <time> [options] [--force] targeturl\n\nduplicity remove-all-but-n-full <count> [options] [--force] targeturl\n\nduplicity remove-all-inc-of-but-n-full <count> [options] [--force] targeturl\n\nduplicity cleanup [options] [--force] targeturl\n\nduplicity replicate [options] [--time time] sourceurl targeturl\n\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "Duplicity incrementally backs up files and folders into tar-format volumes encrypted with\nGnuPG and places them to a remote (or local) storage backend.  See chapter URL FORMAT for a\nlist of all supported backends and how to address them.  Because duplicity uses librsync,\nincremental backups are space efficient and only record the parts of files that have changed\nsince the last backup.  Currently duplicity supports deleted files, full Unix permissions,\nuid/gid, directories, symbolic links, fifos, etc., but not hard links.\n\nIf you are backing up the root directory /, remember to --exclude /proc, or else duplicity\nwill probably crash on the weird stuff in there.\n\n",
            "subsections": []
        },
        "EXAMPLES": {
            "content": "Here is an example of a backup, using sftp to back up /home/me to somedir on the other.host\nmachine:\n\nduplicity /home/me sftp://uid@other.host/somedir\n\nIf the above is run repeatedly, the first will be a full backup, and subsequent ones will be\nincremental. To force a full backup, use the full action:\n\nduplicity full /home/me sftp://uid@other.host/somedir\n\nor enforcing a full every other time via --full-if-older-than <time> , e.g. a full every\nmonth:\n\nduplicity --full-if-older-than 1M /home/me sftp://uid@other.host/somedir\n\nNow suppose we accidentally delete /home/me and want to restore it the way it was at the time\nof last backup:\n\nduplicity sftp://uid@other.host/somedir /home/me\n\nDuplicity enters restore mode because the URL comes before the local directory.  If we wanted\nto restore just the file \"Mail/article\" in /home/me as it was three days ago into\n/home/me/restoredfile:\n\nduplicity -t 3D --file-to-restore Mail/article sftp://uid@other.host/somedir\n/home/me/restoredfile\n\nThe following command compares the latest backup with the current files:\n\nduplicity verify sftp://uid@other.host/somedir /home/me\n\nFinally, duplicity recognizes several include/exclude options.  For instance, the following\nwill backup the root directory, but exclude /mnt, /tmp, and /proc:\n\nduplicity --exclude /mnt --exclude /tmp --exclude /proc / file:///usr/local/backup\n\nNote that in this case the destination is the local directory /usr/local/backup.  The\nfollowing will backup only the /home and /etc directories under root:\n\nduplicity --include /home --include /etc --exclude '' / file:///usr/local/backup\n\nDuplicity can also access a repository via ftp.  If a user name is given, the environment\nvariable FTPPASSWORD is read to determine the password:\n\nFTPPASSWORD=mypassword duplicity /local/dir ftp://user@other.host/somedir\n\n",
            "subsections": []
        },
        "ACTIONS": {
            "content": "Duplicity knows action commands, which can be finetuned with options.\nThe actions for backup (full,incr) and restoration (restore) can as well be left out as\nduplicity detects in what mode it should switch to by the order of target URL and local\nfolder. If the target URL comes before the local folder a restore is in order, is the local\nfolder before target URL then this folder is about to be backed up to the target URL.\nIf a backup is in order and old signatures can be found duplicity automatically performs an\nincremental backup.\n\nNote: The following explanations explain some but not all options that can be used in\nconnection with that action command.  Consult the OPTIONS section for more detailed\ninformations.\n\n\nfull <folder> <url>\nPerform a full backup. A new backup chain is started even if signatures are available\nfor an incremental backup.\n\n\nincr <folder> <url>\nIf this is requested an incremental backup will be performed.  Duplicity will abort if\nno old signatures can be found.\n\n\nverify [--compare-data] [--time <time>] [--file-to-restore <relpath>] <url> <localpath>\nVerify tests the integrity of the backup archives at the remote location by\ndownloading each file and checking both that it can restore the archive and that the\nrestored file matches the signature of that file stored in the backup, i.e. compares\nthe archived file with its hash value from archival time. Verify does not actually\nrestore and will not overwrite any local files. Duplicity will exit with a non-zero\nerror level if any files do not match the signature stored in the archive for that\nfile. On verbosity level 4 or higher, it will log a message for each file that differs\nfrom the stored signature. Files must be downloaded to the local machine in order to\ncompare them.  Verify does not compare the backed-up version of the file to the\ncurrent local copy of the files unless the --compare-data option is used (see below).\nThe --file-to-restore option restricts verify to that file or folder.  The --time\noption allows to select a backup to verify.  The --compare-data option enables data\ncomparison (see below).\n\n\ncollection-status [--file-changed <relpath>]<url>\nSummarize the status of the backup repository by printing the chains and sets found,\nand the number of volumes in each.\n\n\nlist-current-files [--time <time>] <url>\nLists the files contained in the most current backup or backup at time.  The\ninformation will be extracted from the signature files, not the archive data itself.\nThus the whole archive does not have to be downloaded, but on the other hand if the\narchive has been deleted or corrupted, this command will not detect it.\n\n\nrestore [--file-to-restore <relpath>] [--time <time>] <url> <targetfolder>\nYou can restore the full monty or selected folders/files from a specific time.  Use\nthe relative path as it is printed by list-current-files.  Usually not needed as\nduplicity enters restore mode when it detects that the URL comes before the local\nfolder.\n\n\nremove-older-than <time> [--force] <url>\nDelete all backup sets older than the given time.  Old backup sets will not be deleted\nif backup sets newer than time depend on them.  See the TIME FORMATS section for more\ninformation.  Note, this action cannot be combined with backup or other actions, such\nas cleanup.  Note also that --force will be needed to delete the files instead of just\nlisting them.\n\n\nremove-all-but-n-full <count> [--force] <url>\nDelete all backups sets that are older than the count:th last full backup (in other\nwords, keep the last count full backups and associated incremental sets).  count must\nbe larger than zero. A value of 1 means that only the single most recent backup chain\nwill be kept.  Note that --force will be needed to delete the files instead of just\nlisting them.\n\n\nremove-all-inc-of-but-n-full <count> [--force] <url>\nDelete incremental sets of all backups sets that are older than the count:th last full\nbackup (in other words, keep only old full backups and not their increments).  count\nmust be larger than zero. A value of 1 means that only the single most recent backup\nchain will be kept intact.  Note that --force will be needed to delete the files\ninstead of just listing them.\n\n\ncleanup [--force] <url>\nDelete the extraneous duplicity files on the given backend.  Non-duplicity files, or\nfiles in complete data sets will not be deleted.  This should only be necessary after\na duplicity session fails or is aborted prematurely.  Note that --force will be needed\nto delete the files instead of just listing them.\n\n\nreplicate [--time time] <sourceurl> <targeturl>\nReplicate backup sets from source to target backend. Files will be (re)-encrypted and\n(re)-compressed depending on normal backend options. Signatures and volumes will not\nget recomputed, thus options like --volsize or --max-blocksize have no effect.  When\n--time time is given, only backup sets older than time will be replicated.\n\n",
            "subsections": []
        },
        "OPTIONS": {
            "content": "",
            "subsections": [
                {
                    "name": "--allow-source-mismatch",
                    "content": "Do not abort on attempts to use the same archive dir or remote backend to back up\ndifferent directories. duplicity will tell you if you need this switch.\n\n\n--archive-dir path\nThe archive directory.  NOTE: This option changed in 0.6.0.  The archive directory is\nnow necessary in order to manage persistence for current and future enhancements.  As\nsuch, this option is now used only to change the location of the archive directory.\nThe archive directory should not be deleted, or duplicity will have to recreate it\nfrom the remote repository (which may require decrypting the backup contents).\n\nWhen backing up or restoring, this option specifies that the local archive directory\nis to be created in path.  If the archive directory is not specified, the default will\nbe to create the archive directory in ~/.cache/duplicity/.\n\nThe archive directory can be shared between backups to multiple targets, because a\nsubdirectory of the archive dir is used for individual backups (see --name ).\n\nThe combination of archive directory and backup name must be unique in order to\nseparate the data of different backups.\n\nThe interaction between the --archive-dir and the --name options allows for four\npossible combinations for the location of the archive dir:\n\n\n1.     neither specified (default)\n~/.cache/duplicity/hash-of-url\n\n2.     --archive-dir=/arch, no --name\n/arch/hash-of-url\n\n3.     no --archive-dir, --name=foo\n~/.cache/duplicity/foo\n\n4.     --archive-dir=/arch, --name=foo\n/arch/foo\n\n",
                    "long": "--allow-source-mismatch"
                },
                {
                    "name": "--asynchronous-upload",
                    "content": "(EXPERIMENTAL) Perform file uploads asynchronously in the background, with respect to\nvolume creation. This means that duplicity can upload a volume while, at the same\ntime, preparing the next volume for upload. The intended end-result is a faster\nbackup, because the local CPU and your bandwidth can be more consistently utilized.\nUse of this option implies additional need for disk space in the temporary storage\nlocation; rather than needing to store only one volume at a time, enough storage space\nis required to store two volumes.\n\n\n--backend-retry-delay number\nSpecifies the number of seconds that duplicity waits after an error has occured before\nattempting to repeat the operation.\n\n\n\n--cf-backend backend\nAllows the explicit selection of a cloudfiles backend. Defaults to pyrax.\nAlternatively you might choose cloudfiles.\n\n",
                    "long": "--asynchronous-upload"
                },
                {
                    "name": "--b2-hide-files",
                    "content": "Causes Duplicity to hide files in B2 instead of deleting them. Useful in combination\nwith B2's lifecycle rules.\n\n",
                    "long": "--b2-hide-files"
                },
                {
                    "name": "--compare-data",
                    "content": "Enable data comparison of regular files on action verify. This conducts a verify as\ndescribed above to verify the integrity of the backup archives, but additionally\ncompares restored files to those in targetdirectory.  Duplicity will not replace any\nfiles in targetdirectory. Duplicity will exit with a non-zero error level if the\nfiles do not correctly verify or if any files from the archive differ from those in\ntargetdirectory. On verbosity level 4 or higher, it will log a message for each file\nthat differs from its equivalent in targetdirectory.\n\n",
                    "long": "--compare-data"
                },
                {
                    "name": "--copy-links",
                    "content": "Resolve symlinks during backup.  Enabling this will resolve & back up the symlink's\nfile/folder data instead of the symlink itself, potentially increasing the size of the\nbackup.\n\n",
                    "long": "--copy-links"
                },
                {
                    "name": "--dry-run",
                    "content": "Calculate what would be done, but do not perform any backend actions\n\n\n--encrypt-key key-id\nWhen backing up, encrypt to the given public key, instead of using symmetric\n(traditional) encryption.  Can be specified multiple times.  The key-id can be given\nin any of the formats supported by GnuPG; see gpg(1), section \"HOW TO SPECIFY A USER\nID\" for details.\n\n\n\n--encrypt-secret-keyring filename\nThis option can only be used with --encrypt-key, and changes the path to the secret\nkeyring for the encrypt key to filename This keyring is not used when creating a\nbackup. If not specified, the default secret keyring is used which is usually located\nat .gnupg/secring.gpg\n\n\n--encrypt-sign-key key-id\nConvenience parameter. Same as --encrypt-key key-id --sign-key key-id.\n\n\n--exclude shellpattern\nExclude the file or files matched by shellpattern.  If a directory is matched, then\nfiles under that directory will also be matched.  See the FILE SELECTION section for\nmore information.\n\n",
                    "long": "--dry-run"
                },
                {
                    "name": "--exclude-device-files",
                    "content": "Exclude all device files.  This can be useful for security/permissions reasons or if\nduplicity is not handling device files correctly.\n\n\n--exclude-filelist filename\nExcludes the files listed in filename, with each line of the filelist interpreted\naccording to the same rules as --include and --exclude.  See the FILE SELECTION\nsection for more information.\n\n\n--exclude-if-present filename\nExclude directories if filename is present. Allows the user to specify folders that\nthey do not wish to backup by adding a specified file (e.g. \".nobackup\") instead of\nmaintaining a comprehensive exclude/include list.\n\n\n--exclude-older-than time\nExclude any files whose modification date is earlier than the specified time.  This\ncan be used to produce a partial backup that contains only recently changed files. See\nthe TIME FORMATS section for more information.\n\n",
                    "long": "--exclude-device-files"
                },
                {
                    "name": "--exclude-other-filesystems",
                    "content": "Exclude files on file systems (identified by device number) other than the file system\nthe root of the source directory is on.\n\n\n--exclude-regexp regexp\nExclude files matching the given regexp.  Unlike the --exclude option, this option\ndoes not match files in a directory it matches.  See the FILE SELECTION section for\nmore information.\n\n",
                    "long": "--exclude-other-filesystems"
                },
                {
                    "name": "--file-prefix, --file-prefix-manifest, --file-prefix-archive, --file-prefix-signature",
                    "content": "Adds a prefix to all files, manifest files, archive files, and/or signature files.\n\nThe same set of prefixes must be passed in on backup and restore.\n\nIf both global and type-specific prefixes are set, global prefix will go before type-\nspecific prefixes.\n\nSee also A NOTE ON FILENAME PREFIXES\n\n\n--file-to-restore path\nThis option may be given in restore mode, causing only path to be restored instead of\nthe entire contents of the backup archive.  path should be given relative to the root\nof the directory backed up.\n\n\n--full-if-older-than time\nPerform a full backup if an incremental backup is requested, but the latest full\nbackup in the collection is older than the given time.  See the TIME FORMATS section\nfor more information.\n\n",
                    "long": "--file-prefix-signature"
                },
                {
                    "name": "--force",
                    "content": "Proceed even if data loss might result.  Duplicity will let the user know when this\noption is required.\n\n",
                    "long": "--force"
                },
                {
                    "name": "--ftp-passive",
                    "content": "Use passive (PASV) data connections.  The default is to use passive, but to fallback\nto regular if the passive connection fails or times out.\n\n",
                    "long": "--ftp-passive"
                },
                {
                    "name": "--ftp-regular",
                    "content": "Use regular (PORT) data connections.\n\n\n--gio  Use the GIO backend and interpret any URLs as GIO would.\n\n\n--hidden-encrypt-key key-id\nSame as --encrypt-key, but it hides user's key id from encrypted file. It uses the\ngpg's --hidden-recipient command to obfuscate the owner of the backup. On restore, gpg\nwill automatically try all available secret keys in order to decrypt the backup. See\ngpg(1) for more details.\n\n\n",
                    "long": "--ftp-regular"
                },
                {
                    "name": "--ignore-errors",
                    "content": "Try to ignore certain errors if they happen. This option is only intended to allow the\nrestoration of a backup in the face of certain problems that would otherwise cause the\nbackup to fail. It is not ever recommended to use this option unless you have a\nsituation where you are trying to restore from backup and it is failing because of an\nissue which you want duplicity to ignore. Even then, depending on the issue, this\noption may not have an effect.\n\nPlease note that while ignored errors will be logged, there will be no summary at the\nend of the operation to tell you what was ignored, if anything. If this is used for\nemergency restoration of data, it is recommended that you run the backup in such a way\nthat you can revisit the backup log (look for lines containing the string\nIGNOREDERROR).\n\nIf you ever have to use this option for reasons that are not understood or understood\nbut not your own responsibility, please contact duplicity maintainers. The need to use\nthis option under production circumstances would normally be considered a bug.\n\n\n--imap-full-address emailaddress\nThe full email address of the user name when logging into an imap server.  If not\nsupplied just the user name part of the email address is used.\n\n\n--imap-mailbox option\nAllows you to specify a different mailbox.  The default is \"INBOX\".  Other languages\nmay require a different mailbox than the default.\n\n\n--gpg-binary filepath\nAllows you to force duplicity to use filepath as gpg command line binary. Can be an\nabsolute or relative file path or a file name.  Default value is 'gpg'. The binary\nwill be localized via the PATH environment variable.\n\n\n--gpg-options options\nAllows you to pass options to gpg encryption.  The options list should be of the form\n\"--opt1 --opt2=parm\" where the string is quoted and the only spaces allowed are\nbetween options.\n\n\n--include shellpattern\nSimilar to --exclude but include matched files instead.  Unlike --exclude, this option\nwill also match parent directories of matched files (although not necessarily their\ncontents).  See the FILE SELECTION section for more information.\n\n\n--include-filelist filename\nLike --exclude-filelist, but include the listed files instead.  See the FILE SELECTION\nsection for more information.\n\n\n--include-regexp regexp\nInclude files matching the regular expression regexp.  Only files explicitly matched\nby regexp will be included by this option.  See the FILE SELECTION section for more\ninformation.\n\n\n--log-fd number\nWrite specially-formatted versions of output messages to the specified file\ndescriptor.  The format used is designed to be easily consumable by other programs.\n\n\n--log-file filename\nWrite specially-formatted versions of output messages to the specified file.  The\nformat used is designed to be easily consumable by other programs.\n\n\n--max-blocksize number\ndetermines the number of the blocks examined for changes during the diff process.  For\nfiles < 1MB the blocksize is a constant of 512.  For files over 1MB the size is given\nby:\n\nfileblocksize = int((filelen / (2000 * 512)) * 512)\nreturn min(fileblocksize, config.maxblocksize)\n\nwhere config.maxblocksize defaults to 2048.  If you specify a larger maxblocksize,\nyour difftar files will be larger, but your sigtar files will be smaller.  If you\nspecify a smaller maxblocksize, the reverse occurs.  The --max-blocksize option\nshould be in multiples of 512.\n\n\n--name symbolicname\nSet the symbolic name of the backup being operated on. The intent is to use a separate\nname for each logically distinct backup. For example, someone may use \"homedailys3\"\nfor the daily backup of a home directory to Amazon S3. The structure of the name is up\nto the user, it is only important that the names be distinct. The symbolic name is\ncurrently only used to affect the expansion of --archive-dir , but may be used for\nadditional features in the future. Users running more than one distinct backup are\nencouraged to use this option.\n\nIf not specified, the default value is a hash of the backend URL.\n\n",
                    "long": "--ignore-errors"
                },
                {
                    "name": "--no-compression",
                    "content": "Do not use GZip to compress files on remote system.\n\n",
                    "long": "--no-compression"
                },
                {
                    "name": "--no-encryption",
                    "content": "Do not use GnuPG to encrypt files on remote system.\n\n",
                    "long": "--no-encryption"
                },
                {
                    "name": "--no-print-statistics",
                    "content": "By default duplicity will print statistics about the current session after a\nsuccessful backup.  This switch disables that behavior.\n\n",
                    "long": "--no-print-statistics"
                },
                {
                    "name": "--null-separator",
                    "content": "Use nulls (\\0) instead of newlines (\\n) as line separators, which may help when\ndealing with filenames containing newlines.  This affects the expected format of the\nfiles specified by the --{include|exclude}-filelist switches as well as the format of\nthe directory statistics file.\n\n",
                    "long": "--null-separator"
                },
                {
                    "name": "--numeric-owner",
                    "content": "On restore always use the numeric uid/gid from the archive and not the archived\nuser/group names, which is the default behaviour.  Recommended for restoring from live\ncds which might have the users with identical names but different uids/gids.\n\n",
                    "long": "--numeric-owner"
                },
                {
                    "name": "--do-not-restore-ownership",
                    "content": "Ignores the uid/gid from the archive and keeps the current user's one.  Recommended\nfor restoring data to mounted filesystem which do not support Unix ownership or when\nroot privileges are not available.\n\n\n--num-retries number\nNumber of retries to make on errors before giving up.\n\n",
                    "long": "--do-not-restore-ownership"
                },
                {
                    "name": "--old-filenames",
                    "content": "Use the old filename format (incompatible with Windows/Samba) rather than the new\nfilename format.\n\n\n--par2-options options\nVerbatim options to pass to par2.\n\n\n--par2-redundancy percent\nAdjust the level of redundancy in percent for Par2 recovery files (default 10%).\n\n",
                    "long": "--old-filenames"
                },
                {
                    "name": "--progress",
                    "content": "When selected, duplicity will output the current upload progress and estimated upload\ntime. To annotate changes, it will perform a first dry-run before a full or\nincremental, and then runs the real operation estimating the real upload progress.\n\n\n--progress-rate number\nSets the update rate at which duplicity will output the upload progress messages\n(requires --progress option). Default is to print the status each 3 seconds.\n\n\n--rename <original path> <new path>\nTreats the path orig in the backup as if it were the path new.  Can be passed multiple\ntimes. An example:\n\nduplicity restore --rename Documents/metal Music/metal sftp://uid@other.host/somedir\n/home/me\n\n\n--rsync-options options\nAllows you to pass options to the rsync backend.  The options list should be of the\nform \"opt1=parm1 opt2=parm2\" where the option string is quoted and the only spaces\nallowed are between options. The option string will be passed verbatim to rsync, after\nany internally generated option designating the remote port to use. Here is a possibly\nuseful example:\n\nduplicity --rsync-options=\"--partial-dir=.rsync-partial\" /home/me\nrsync://uid@other.host/somedir\n\n",
                    "long": "--progress"
                },
                {
                    "name": "--s3-european-buckets",
                    "content": "When using the Amazon S3 backend, create buckets in Europe instead of the default\n(requires --s3-use-new-style ). Also see the EUROPEAN S3 BUCKETS section.\n\nThis option does not apply when using the newer boto3 backend, which does not create\nbuckets.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-european-buckets"
                },
                {
                    "name": "--s3-unencrypted-connection",
                    "content": "Don't use SSL for connections to S3.\n\nThis may be much faster, at some cost to confidentiality.\n\nWith this option, anyone who can observe traffic between your computer and S3 will be\nable to tell: that you are using Duplicity, the name of the bucket, your AWS Access\nKey ID, the increment dates and the amount of data in each increment.\n\nThis option affects only the connection, not the GPG encryption of the backup\nincrement files.  Unless that is disabled, an observer will not be able to see the\nfile names or contents.\n\nThis option is not available when using the newer boto3 backend.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-unencrypted-connection"
                },
                {
                    "name": "--s3-use-new-style",
                    "content": "When operating on Amazon S3 buckets, use new-style subdomain bucket addressing. This\nis now the preferred method to access Amazon S3, but is not backwards compatible if\nyour bucket name contains upper-case characters or other characters that are not valid\nin a hostname.\n\nThis option has no effect when using the newer boto3 backend, which will always use\nnew style subdomain bucket naming.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-use-new-style"
                },
                {
                    "name": "--s3-use-rrs",
                    "content": "Store volumes using Reduced Redundancy Storage when uploading to Amazon S3.  This will\nlower the cost of storage but also lower the durability of stored volumes to 99.99%\ninstead the 99.999999999% durability offered by Standard Storage on S3.\n\n",
                    "long": "--s3-use-rrs"
                },
                {
                    "name": "--s3-use-ia",
                    "content": "Store volumes using Standard - Infrequent Access when uploading to Amazon S3.  This\nstorage class has a lower storage cost but a higher per-request cost, and the storage\ncost is calculated against a 30-day storage minimum. According to Amazon, this storage\nis ideal for long-term file storage, backups, and disaster recovery.\n\n",
                    "long": "--s3-use-ia"
                },
                {
                    "name": "--s3-use-onezone-ia",
                    "content": "Store volumes using One Zone - Infrequent Access when uploading to Amazon S3.  This\nstorage is similar to Standard - Infrequent Access, but only stores object data in one\nAvailability Zone.\n\n",
                    "long": "--s3-use-onezone-ia"
                },
                {
                    "name": "--s3-use-glacier",
                    "content": "Store volumes using Glacier S3 when uploading to Amazon S3. This storage class has a\nlower cost of storage but a higher per-request cost along with delays of up to 12\nhours from the time of retrieval request. This storage cost is calculated against a\n90-day storage minimum. According to Amazon this storage is ideal for data archiving\nand long-term backup offering 99.999999999% durability.  To restore a backup you will\nhave to manually migrate all data stored on AWS Glacier back to Standard S3 and wait\nfor AWS to complete the migration.  Notice: Duplicity will store the manifest.gpg\nfiles from full and incremental backups on AWS S3 standard storage to allow quick\nretrieval for later incremental backups, all other data is stored in S3 Glacier.\n\n",
                    "long": "--s3-use-glacier"
                },
                {
                    "name": "--s3-use-deep-archive",
                    "content": "Store volumes using Glacier Deep Archive S3 when uploading to Amazon S3. This storage\nclass has a lower cost of storage but a higher per-request cost along with delays of\nup to 48 hours from the time of retrieval request. This storage cost is calculated\nagainst a 180-day storage minimum. According to Amazon this storage is ideal for data\narchiving and long-term backup offering 99.999999999% durability.  To restore a backup\nyou will have to manually migrate all data stored on AWS Glacier Deep Archive back to\nStandard S3 and wait for AWS to complete the migration.  Notice: Duplicity will store\nthe manifest.gpg files from full and incremental backups on AWS S3 standard storage to\nallow quick retrieval for later incremental backups, all other data is stored in S3\nGlacier Deep Archive.\n\nGlacier Deep Archive is only available when using the newer boto3 backend.\n\n",
                    "long": "--s3-use-deep-archive"
                },
                {
                    "name": "--s3-use-multiprocessing",
                    "content": "Allow multipart volumne uploads to S3 through multiprocessing. This option requires\nPython 2.6 and can be used to make uploads to S3 more efficient.  If enabled, files\nduplicity uploads to S3 will be split into chunks and uploaded in parallel. Useful if\nyou want to saturate your bandwidth or if large files are failing during upload.\n\nThis has no effect when using the newer boto3 backend.  Boto3 always attempts to\nmultiprocessing when it is believed it will be more efficient.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-use-multiprocessing"
                },
                {
                    "name": "--s3-use-server-side-encryption",
                    "content": "Allow use of server side encryption in S3\n\n",
                    "long": "--s3-use-server-side-encryption"
                },
                {
                    "name": "--s3-multipart-chunk-size",
                    "content": "Chunk size (in MB) used for S3 multipart uploads. Make this smaller than --volsize to\nmaximize the use of your bandwidth. For example, a chunk size of 10MB with a volsize\nof 30MB will result in 3 chunks per volume upload.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-multipart-chunk-size"
                },
                {
                    "name": "--s3-multipart-max-procs",
                    "content": "Specify the maximum number of processes to spawn when performing a multipart upload to\nS3. By default, this will choose the number of processors detected on your system\n(e.g. 4 for a 4-core system). You can adjust this number as required to ensure you\ndon't overload your system while maximizing the use of your bandwidth.\n\nThis has no effect when using the newer boto3 backend.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-multipart-max-procs"
                },
                {
                    "name": "--s3-multipart-max-timeout",
                    "content": "You can control the maximum time (in seconds) a multipart upload can spend on\nuploading a single chunk to S3. This may be useful if you find your system hanging on\nmultipart uploads or if you'd like to control the time variance when uploading to S3\nto ensure you kill connections to slow S3 endpoints.\n\nThis has no effect when using the newer boto3 backend.\n\nSee also A NOTE ON AMAZON S3 below.\n\n",
                    "long": "--s3-multipart-max-timeout"
                },
                {
                    "name": "--s3-region-name",
                    "content": "Specifies the region of the S3 storage.\n\nThis is currently only used in the newer boto3 backend.\n\n",
                    "long": "--s3-region-name"
                },
                {
                    "name": "--s3-endpoint-url",
                    "content": "Specifies the endpoint URL of the S3 storage.\n\nThis is currently only used in the newer boto3 backend.\n\n",
                    "long": "--s3-endpoint-url"
                },
                {
                    "name": "--azure-blob-tier",
                    "content": "Standard storage tier used for backup files (Hot|Cool|Archive).\n\n",
                    "long": "--azure-blob-tier"
                },
                {
                    "name": "--azure-max-single-put-size",
                    "content": "Specify the number of the largest supported upload size where the Azure library makes\nonly one put call. If the content size is known and below this value the Azure library\nwill only perform one put request to upload one block.  The number is expected to be\nin bytes.\n\n",
                    "long": "--azure-max-single-put-size"
                },
                {
                    "name": "--azure-max-block-size",
                    "content": "Specify the number for the block size used by the Azure library to upload blobs if it\nis split into multiple blocks.  The maximum block size the service supports is\n104857600 (100MiB) and the default is 4194304 (4MiB)\n\n",
                    "long": "--azure-max-block-size"
                },
                {
                    "name": "--azure-max-connections",
                    "content": "Specify the number of maximum connections to transfer one blob to Azure blob size\nexceeds 64MB. The default values is 2.\n\n\n--scp-command command\n(only ssh pexpect backend with --use-scp enabled) The command will be used instead of\n\"scp\" to send or receive files.  To list and delete existing files, the sftp command\nis used.\nSee also A NOTE ON SSH BACKENDS section SSH pexpect backend.\n\n\n--sftp-command command\n(only ssh pexpect backend) The command will be used instead of \"sftp\".\nSee also A NOTE ON SSH BACKENDS section SSH pexpect backend.\n\n",
                    "long": "--azure-max-connections"
                },
                {
                    "name": "--short-filenames",
                    "content": "If this option is specified, the names of the files duplicity writes will be shorter\n(about 30 chars) but less understandable.  This may be useful when backing up to MacOS\nor another OS or FS that doesn't support long filenames.\n\n\n--sign-key key-id\nThis option can be used when backing up, restoring or verifying.  When backing up, all\nbackup files will be signed with keyid key.  When restoring, duplicity will signal an\nerror if any remote file is not signed with the given key-id. The key-id can be given\nin any of the formats supported by GnuPG; see gpg(1), section \"HOW TO SPECIFY A USER\nID\" for details.  Should be specified only once because currently only one signing key\nis supported. Last entry overrides all other entries.\nSee also A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING\n\n",
                    "long": "--short-filenames"
                },
                {
                    "name": "--ssh-askpass",
                    "content": "Tells the ssh backend to prompt the user for the remote system password, if it was not\ndefined in target url and no FTPPASSWORD env var is set.  This password is also used\nfor passphrase-protected ssh keys.\n\n\n--ssh-options options\nAllows you to pass options to the ssh backend.  Can be specified multiple times or as\na space separated options list.  The options list should be of the form\n\"-oOpt1='parm1' -oOpt2='parm2'\" where the option string is quoted and the only spaces\nallowed are between options. The option string will be passed verbatim to both scp and\nsftp, whose command line syntax differs slightly hence the options should therefore be\ngiven in the long option format described in sshconfig(5).\n\nexample of a list:\n\nduplicity --ssh-options=\"-oProtocol=2 -oIdentityFile='/my/backup/id'\" /home/me\nscp://user@host/somedir\n\nexample with multiple parameters:\n\nduplicity --ssh-options=\"-oProtocol=2\" --ssh-options=\"-oIdentityFile='/my/backup/id'\"\n/home/me scp://user@host/somedir\n\nNOTE: The ssh paramiko backend currently supports only the -i or -oIdentityFile or\n-oUserKnownHostsFile or -oGlobalKnownHostsFile settings. If needed provide more host\nspecific options via sshconfig file.\n\n\n--ssl-cacert-file file\n(only webdav & lftp backend) Provide a cacert file for ssl certificate verification.\nSee also A NOTE ON SSL CERTIFICATE VERIFICATION.\n\n\n--ssl-cacert-path path/to/certs/\n(only webdav backend and python 2.7.9+ OR lftp+webdavs and a recent lftp) Provide a\npath to a folder containing cacert files for ssl certificate verification.\nSee also A NOTE ON SSL CERTIFICATE VERIFICATION.\n\n",
                    "long": "--ssh-askpass"
                },
                {
                    "name": "--ssl-no-check-certificate",
                    "content": "(only webdav & lftp backend) Disable ssl certificate verification.\nSee also A NOTE ON SSL CERTIFICATE VERIFICATION.\n\n",
                    "long": "--ssl-no-check-certificate"
                },
                {
                    "name": "--swift-storage-policy",
                    "content": "Use this storage policy when operating on Swift containers.\nSee also A NOTE ON SWIFT (OPENSTACK OBJECT STORAGE) ACCESS.\n\n\n--metadata-sync-mode mode\nThis option defaults to 'partial', but you can set it to 'full'\nUse 'partial' to avoid syncing metadata for backup chains that you are not going to\nuse.  This saves time when restoring for the first time, and lets you restore an old\nbackup that was encrypted with a different passphrase by supplying only the target\npassphrase.\nUse 'full' to sync metadata for all backup chains on the remote.\n\n\n--tempdir directory\nUse this existing directory for duplicity temporary files instead of the system\ndefault, which is usually the /tmp directory. This option supersedes any environment\nvariable.\nSee also ENVIRONMENT VARIABLES.\n\n",
                    "long": "--swift-storage-policy"
                },
                {
                    "name": "-t --time --restore-time",
                    "content": "Specify the time from which to restore or list files.\n\n\n--time-separator char\nUse char as the time separator in filenames instead of colon (\":\").\n\n\n--timeout seconds\nUse seconds as the socket timeout value if duplicity begins to timeout during network\noperations.  The default is 30 seconds.\n\n",
                    "flag": "-t",
                    "long": "--restore-time"
                },
                {
                    "name": "--use-agent",
                    "content": "If this option is specified, then --use-agent is passed to the GnuPG encryption\nprocess and it will try to connect to gpg-agent before it asks for a passphrase for\n--encrypt-key or --sign-key if needed.\nNote: Contrary to previous versions of duplicity, this option will also be honored by\nGnuPG 2 and newer versions. If GnuPG 2 is in use, duplicity passes the option\n--pinentry-mode=loopback to the the gpg process unless --use-agent is specified on the\nduplicity command line. This has the effect that GnuPG 2 uses the agent only if --use-\nagent is given, just like GnuPG 1.\n\n\n--verbosity level, -vlevel\nSpecify output verbosity level (log level).  Named levels and corresponding values are\n0 Error, 2 Warning, 4 Notice (default), 8 Info, 9 Debug (noisiest).\nlevel may also be\na character: e, w, n, i, d\na word: error, warning, notice, info, debug\n\nThe options -v4, -vn and -vnotice are functionally equivalent, as are the mixed/upper-\ncase versions -vN, -vNotice and -vNOTICE.\n\n",
                    "long": "--use-agent"
                },
                {
                    "name": "--version",
                    "content": "Print duplicity's version and quit.\n\n\n--volsize number\nChange the volume size to number MB. Default is 200MB.\n\n",
                    "long": "--version"
                }
            ]
        },
        "ENVIRONMENT VARIABLES": {
            "content": "",
            "subsections": [
                {
                    "name": "TMPDIR, TEMP, TMP",
                    "content": "In decreasing order of importance, specifies the directory to use for temporary files\n(inherited from Python's tempfile module).  Eventually the option --tempdir supercedes\nany of these.\n\nFTPPASSWORD\nSupported by most backends which are password capable. More secure than setting it in\nthe backend url (which might be readable in the operating systems process listing to\nother users on the same machine).\n\nPASSPHRASE\nThis passphrase is passed to GnuPG. If this is not set, the user will be prompted for\nthe passphrase.\n\nSIGNPASSPHRASE\nThe passphrase to be used for --sign-key.  If ommitted and sign key is also one of the\nkeys to encrypt against PASSPHRASE will be reused instead.  Otherwise, if passphrase\nis needed but not set the user will be prompted for it.\n\nOther environment variables may be used to configure specific backends.  See the notes\nfor the particular backend.\n\n"
                }
            ]
        },
        "URL FORMAT": {
            "content": "Duplicity uses the URL format (as standard as possible) to define data locations.  The\ngeneric format for a URL is:\n\nscheme://[user[:password]@]host[:port]/[/]path\n\nIt is not recommended to expose the password on the command line since it could be revealed\nto anyone with permissions to do process listings, it is permitted however.  Consider setting\nthe environment variable FTPPASSWORD instead, which is used by most, if not all backends,\nregardless of it's name.\n\nIn protocols that support it, the path may be preceded by a single slash, '/path', to\nrepresent a relative path to the target home directory, or preceded by a double slash,\n'//path', to represent an absolute filesystem path.\n",
            "subsections": [
                {
                    "name": "Note:",
                    "content": "Scheme (protocol) access may be provided by more than one backend.  In case the\ndefault backend is buggy or simply not working in a specific case it might be worth\ntrying an alternative implementation.  Alternative backends can be selected by\nprefixing the scheme with the name of the alternative backend e.g.  ncftp+ftp:// and\nare mentioned below the scheme's syntax summary.\n\n\nFormats of each of the URL schemes follow:\n\n"
                },
                {
                    "name": "Amazon Drive Backend",
                    "content": "ad://somedir\n\nSee also A NOTE ON AMAZON DRIVE\n"
                },
                {
                    "name": "Azure",
                    "content": "azure://container-name\n\nSee also A NOTE ON AZURE ACCESS\n\nB2\n\nb2://accountid[:applicationkey]@bucketname/[folder/]\n"
                },
                {
                    "name": "Box",
                    "content": "box:///somedir[?config=pathtoconfig]\n\nSee also A NOTE ON BOX ACCESS\n\nCloud Files (Rackspace)\n\ncf+http://containername\n\nSee also A NOTE ON CLOUD FILES ACCESS\n"
                },
                {
                    "name": "Dropbox",
                    "content": "dpbx:///somedir\n\nMake sure to read A NOTE ON DROPBOX ACCESS first!\n"
                },
                {
                    "name": "Local file path",
                    "content": "file://[relative|/absolute]/local/path\n\nFISH (Files transferred over Shell protocol) over ssh\n\nfish://user[:pwd]@other.host[:port]/[relative|/absolute]path\n\nFTP\n\nftp[s]://user[:password]@other.host[:port]/somedir\n\nNOTE: use lftp+, ncftp+ prefixes to enforce a specific backend, default is\nlftp+ftp://...\n"
                },
                {
                    "name": "Google Docs",
                    "content": "gdocs://user[:password]@other.host/somedir\n\nNOTE: use pydrive+, gdata+ prefixes to enforce a specific backend, default is\npydrive+gdocs://...\n"
                },
                {
                    "name": "Google Cloud Storage",
                    "content": "gs://bucket[/prefix]\n\nHSI\n\nhsi://user[:password]@other.host/somedir\n"
                },
                {
                    "name": "hubiC",
                    "content": "cf+hubic://containername\n\nSee also A NOTE ON HUBIC\n"
                },
                {
                    "name": "IMAP email storage",
                    "content": "imap[s]://user[:password]@host.com[/fromaddressprefix]\n\nSee also A NOTE ON IMAP\n"
                },
                {
                    "name": "MEGA.nz cloud storage (only works for accounts created prior to November 2018, uses",
                    "content": ""
                },
                {
                    "name": "\"megatools\")",
                    "content": "mega://user[:password]@mega.nz/somedir\n\nNOTE: if not given in the URL, relies on password being stored within $HOME/.megarc\n(as used by the \"megatools\" utilities)\n"
                },
                {
                    "name": "MEGA.nz cloud storage (works for all MEGA accounts, uses \"MEGAcmd\" tools)",
                    "content": "megav2://user[:password]@mega.nz/somedir\nmegav3://user[:password]@mega.nz/somedir[?nologout=1] (For latest MEGAcmd)\n\nNOTE: despite \"MEGAcmd\" no longer uses a configuration file, for convenience storing\nthe user password this backend searches it in the $HOME/.megav2rc file (same syntax as\nthe old $HOME/.megarc)\n[Login]\nUsername = MEGAUSERNAME\nPassword = MEGAPASSWORD\n"
                },
                {
                    "name": "OneDrive Backend",
                    "content": "onedrive://somedir\n"
                },
                {
                    "name": "Par2 Wrapper Backend",
                    "content": "par2+scheme://[user[:password]@]host[:port]/[/]path\n\nSee also A NOTE ON PAR2 WRAPPER BACKEND\n"
                },
                {
                    "name": "Rclone Backend",
                    "content": "rclone://remote:/somedir\n\nSee also A NOTE ON RCLONE BACKEND\n"
                },
                {
                    "name": "Rsync via daemon",
                    "content": "rsync://user[:password]@host.com[:port]::[/]module/somedir\n"
                },
                {
                    "name": "Rsync over ssh (only key auth)",
                    "content": "rsync://user@host.com[:port]/[relative|/absolute]path\n\nS3 storage (Amazon)\n\ns3://host[:port]/bucketname[/prefix]\ns3+http://bucketname[/prefix]\ndefaults to the legacy boto backend based on boto v2 (last update 2018/07)\nalternatively try the newer boto3+s3://bucketname[/prefix]\n\nFor details see A NOTE ON AMAZON S3 and see also A NOTE ON EUROPEAN S3 BUCKETS below.\n"
                },
                {
                    "name": "SCP/SFTP access",
                    "content": "scp://.. or\nsftp://user[:pwd]@other.host[:port]/[relative|/absolute]path\n\ndefaults are paramiko+scp:// and paramiko+sftp://\nalternatively try pexpect+scp://, pexpect+sftp://, lftp+sftp://\nSee also --ssh-askpass, --ssh-options and A NOTE ON SSH BACKENDS.\n\nSwift (Openstack)\n\nswift://containername[/prefix]\n\nSee also A NOTE ON SWIFT (OPENSTACK OBJECT STORAGE) ACCESS\n\nPublic Cloud Archive (OVH)\n\npca://containername[/prefix]\n\nSee also A NOTE ON PCA ACCESS\n"
                },
                {
                    "name": "Tahoe-LAFS",
                    "content": "tahoe://alias/directory\n"
                },
                {
                    "name": "WebDAV",
                    "content": "webdav[s]://user[:password]@other.host[:port]/somedir\n\nalternatively try lftp+webdav[s]://\n"
                },
                {
                    "name": "pydrive",
                    "content": "pydrive://<service account' email address>@developer.gserviceaccount.com/somedir\n\nSee also A NOTE ON PYDRIVE BACKEND below.\n"
                },
                {
                    "name": "gdrive",
                    "content": "gdrive://<service account' email address>@developer.gserviceaccount.com/somedir\n\nSee also A NOTE ON GDRIVE BACKEND below.\n"
                },
                {
                    "name": "multi",
                    "content": "multi:///path/to/config.json\n\nSee also A NOTE ON MULTI BACKEND below.\n"
                },
                {
                    "name": "MediaFire",
                    "content": "mf://user[:password]@mediafire.com/somedir\n\nSee also A NOTE ON MEDIAFIRE BACKEND below.\n\n"
                }
            ]
        },
        "TIME FORMATS": {
            "content": "duplicity uses time strings in two places.  Firstly, many of the files duplicity creates will\nhave the time in their filenames in the w3 datetime format as described in a w3 note at\nhttp://www.w3.org/TR/NOTE-datetime.  Basically they look like \"2001-07-15T04:09:38-07:00\",\nwhich means what it looks like.  The \"-07:00\" section means the time zone is 7 hours behind\nUTC.\n\nSecondly, the -t, --time, and --restore-time options take a time string, which can be given\nin any of several formats:\n\n1.     the string \"now\" (refers to the current time)\n\n2.     a sequences of digits, like \"123456890\" (indicating the time in seconds after the\nepoch)\n\n3.     A string like \"2002-01-25T07:00:00+02:00\" in datetime format\n\n4.     An interval, which is a number followed by one of the characters s, m, h, D, W, M, or\nY (indicating seconds, minutes, hours, days, weeks, months, or years respectively), or\na series of such pairs.  In this case the string refers to the time that preceded the\ncurrent time by the length of the interval.  For instance, \"1h78m\" indicates the time\nthat was one hour and 78 minutes ago.  The calendar here is unsophisticated: a month\nis always 30 days, a year is always 365 days, and a day is always 86400 seconds.\n\n5.     A date format of the form YYYY/MM/DD, YYYY-MM-DD, MM/DD/YYYY, or MM-DD-YYYY, which\nindicates midnight on the day in question, relative to the current time zone settings.\nFor instance, \"2002/3/5\", \"03-05-2002\", and \"2002-3-05\" all mean March 5th, 2002.\n\n",
            "subsections": []
        },
        "FILE SELECTION": {
            "content": "When duplicity is run, it searches through the given source directory and backs up all the\nfiles specified by the file selection system.  The file selection system comprises a number\nof file selection conditions, which are set using one of the following command line options:\n--exclude\n--exclude-device-files\n--exclude-if-present\n--exclude-filelist\n--exclude-regexp\n--include\n--include-filelist\n--include-regexp\nEach file selection condition either matches or doesn't match a given file.  A given file is\nexcluded by the file selection system exactly when the first matching file selection\ncondition specifies that the file be excluded; otherwise the file is included.\n\nFor instance,\n\nduplicity --include /usr --exclude /usr /usr scp://user@host/backup\n\nis exactly the same as\n\nduplicity /usr scp://user@host/backup\n\nbecause the include and exclude directives match exactly the same files, and the --include\ncomes first, giving it precedence.  Similarly,\n\nduplicity --include /usr/local/bin --exclude /usr/local /usr scp://user@host/backup\n\nwould backup the /usr/local/bin directory (and its contents), but not /usr/local/doc.\n\nThe include, exclude, include-filelist, and exclude-filelist options accept some extended\nshell globbing patterns.  These patterns can contain *, , ?, and [...]  (character ranges).\nAs in a normal shell, * can be expanded to any string of characters not containing \"/\", ?\nexpands to any character except \"/\", and [...]  expands to a single character of those\ncharacters specified (ranges are acceptable).  The new special pattern, , expands to any\nstring of characters whether or not it contains \"/\".  Furthermore, if the pattern starts with\n\"ignorecase:\" (case insensitive), then this prefix will be removed and any character in the\nstring can be replaced with an upper- or lowercase version of itself.\n\nRemember that you may need to quote these characters when typing them into a shell, so the\nshell does not interpret the globbing patterns before duplicity sees them.\n\nThe --exclude pattern option matches a file if:\n\n1.  pattern can be expanded into the file's filename, or\n2.  the file is inside a directory matched by the option.\n\nConversely, the --include pattern matches a file if:\n\n1.  pattern can be expanded into the file's filename, or\n2.  the file is inside a directory matched by the option, or\n3.  the file is a directory which contains a file matched by the option.\n\nFor example,\n\n--exclude /usr/local\n\nmatches e.g. /usr/local, /usr/local/lib, and /usr/local/lib/netscape.  It is the same as\n--exclude /usr/local --exclude '/usr/local/'.\n\nOn the other hand\n\n--include /usr/local\n\nspecifies that /usr, /usr/local, /usr/local/lib, and /usr/local/lib/netscape (but not\n/usr/doc) all be backed up. Thus you don't have to worry about including parent directories\nto make sure that included subdirectories have somewhere to go.\n\nFinally,\n\n--include ignorecase:'/usr/[a-z0-9]foo/*/.py'\n\nwould match a file like /usR/5fOO/hello/there/world.py.  If it did match anything, it would\nalso match /usr.  If there is no existing file that the given pattern can be expanded into,\nthe option will not match /usr alone.\n\nThe --include-filelist, and --exclude-filelist, options also introduce file selection\nconditions.  They direct duplicity to read in a text file (either ASCII or UTF-8), each line\nof which is a file specification, and to include or exclude the matching files.  Lines are\nseparated by newlines or nulls, depending on whether the --null-separator switch was given.\nEach line in the filelist will be interpreted as a globbing pattern the way --include and\n--exclude options are interpreted, except that lines starting with \"+ \" are interpreted as\ninclude directives, even if found in a filelist referenced by --exclude-filelist.  Similarly,\nlines starting with \"- \" exclude files even if they are found within an include filelist.\n\nFor example, if file \"list.txt\" contains the lines:\n\n/usr/local\n- /usr/local/doc\n/usr/local/bin\n+ /var\n- /var\n\nthen --include-filelist list.txt would include /usr, /usr/local, and /usr/local/bin.  It\nwould exclude /usr/local/doc, /usr/local/doc/python, etc.  It would also include\n/usr/local/man, as this is included within /user/local.  Finally, it is undefined what\nhappens with /var.  A single file list should not contain conflicting file specifications.\n\nEach line in the filelist will also be interpreted as a globbing pattern the way --include\nand --exclude options are interpreted.  For instance, if the file \"list.txt\" contains the\nlines:\n\ndir/foo\n+ dir/bar\n-\n\nThen --include-filelist list.txt would be exactly the same as specifying --include dir/foo\n--include dir/bar --exclude  on the command line.\n\nFinally, the --include-regexp and --exclude-regexp options allow files to be included and\nexcluded if their filenames match a python regular expression.  Regular expression syntax is\ntoo complicated to explain here, but is covered in Python's library reference.  Unlike the\n--include and --exclude options, the regular expression options don't match files containing\nor contained in matched files.  So for instance\n\n--include '[0-9]{7}(?!foo)'\n\nmatches any files whose full pathnames contain 7 consecutive digits which aren't followed by\n'foo'.  However, it wouldn't match /home even if /home/ben/1234567 existed.\n\n",
            "subsections": []
        },
        "A NOTE ON AMAZON DRIVE": {
            "content": "1.     The API Keys used for Amazon Drive have not been granted production limits.  Amazon do\nnot say what the development limits are and are not replying to to requests to\nwhitelist duplicity. A related tool, acdcli, was demoted to development limits, but\ncontinues to work fine except for cases of excessive usage. If you experience\nthrottling and similar issues with Amazon Drive using this backend, please report them\nto the mailing list.\n\n2.     If you previously used the acd+acdcli backend, it is strongly recommended to update to\nthe ad backend instead, since it interfaces directly with Amazon Drive. You will need\nto setup the OAuth once again, but can otherwise keep your backups and config.\n\n",
            "subsections": []
        },
        "A NOTE ON AMAZON S3": {
            "content": "When backing up to Amazon S3, two backend implementations are available.  The schemes \"s3\"\nand \"s3+http\" are implemented using the older boto library, which has been deprecated and is\nno longer supported.  The \"boto3+s3\" scheme is based on the newer boto3 library. This new\nbackend fixes several known limitations in the older backend, which have crept in as Amazon\nS3 has evolved while the deprecated boto library has not kept up.\n\nThe boto3 backend should behave largely the same as the older S3 backend, but there are some\ndifferences in the handling of some of the \"S3\" options.  Additionally, there are some\ncompatibility differences with the new backed.  Because of these reasons, both backends have\nbeen retained for the time being.  See the documentation for specific options regarding\ndifferences related to each backend.\n\nThe boto3 backend does not support bucket creation.  This is a deliberate choice which\nsimplifies the code, and side steps problems related to region selection.  Additionally, it\nis probably not a good practice to give your backup role bucket creation rights.  In most\ncases the role used for backups should probably be limited to specific buckets.\n\nThe boto3 backend only supports newer domain style buckets.  Amazon is moving to deprecate\nthe older bucket style, so migration is recommended.  Use the older s3 backend for\ncompatibility with backups stored in buckets using older naming conventions.\n\nThe boto3 backend does not currently support initiating restores from the glacier storage\nclass.  When restoring a backup from glacier or glacier deep archive, the backup files must\nfirst be restored out of band.  There are multiple options when restoring backups from cold\nstorage, which vary in both cost and speed.  See Amazon's documentation for details.\n\n",
            "subsections": []
        },
        "A NOTE ON AZURE ACCESS": {
            "content": "The Azure backend requires the Microsoft Azure Storage Blobs client library for Python to be\ninstalled on the system.  See REQUIREMENTS.\n\nIt uses the environment variable AZURECONNECTIONSTRING (required).  This string contains\nall necessary information such as Storage Account name and the key for authentication.  You\ncan find it under Access Keys for the storage account.\n\nDuplicity will take care to create the container when performing the backup.  Do not create\nit manually before.\n\nA container name (as given as the backup url) must be a valid DNS name, conforming to the\nfollowing naming rules:\n\n\n1.     Container names must start with a letter or number, and can contain only\nletters, numbers, and the dash (-) character.\n\n2.     Every dash (-) character must be immediately preceded and followed by a letter\nor number; consecutive dashes are not permitted in container names.\n\n3.     All letters in a container name must be lowercase.\n\n4.     Container names must be from 3 through 63 characters long.\n\nThese rules come from Azure; see https://docs.microsoft.com/en-\nus/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata\n\n",
            "subsections": []
        },
        "A NOTE ON BOX ACCESS": {
            "content": "The box backend requires boxsdk with jwt support to be installed on the system.  See\nREQUIREMENTS.\n\nIt uses the environment variable BOXCONFIGPATH (optional).  This string contains the path\nto box custom app's config.json. Either this environment variable or the config query\nparameter in the url need to be specified, if both are specified, query paramter takes\nprecedence.\n\n",
            "subsections": [
                {
                    "name": "Create a Box custom app",
                    "content": "In order to use box backend, user need to create a box custom app in the box developer\nconsole (https://app.box.com/developers/console).\n\nAfter create a new custom app, please make sure it is configured as follow:\n\n\n1.     Choose \"App Access Only\" for \"App Access Level\"\n\n2.     Check \"Write all files and folders stored in Box\"\n\n3.     Generate a Public/Private Keypair\n\nThe user also need to grant the created custom app permission in the admin console\n(https://app.box.com/master/custom-apps) by clicking the \"+\" button and enter the clientid\nwhich can be found on the custom app's configuration page.\n\n"
                }
            ]
        },
        "A NOTE ON CLOUD FILES ACCESS": {
            "content": "Pyrax is Rackspace's next-generation Cloud management API, including Cloud Files access.  The\ncfpyrax backend requires the pyrax library to be installed on the system.  See REQUIREMENTS.\n\nCloudfiles is Rackspace's now deprecated implementation of OpenStack Object Storage protocol.\nUsers wishing to use Duplicity with Rackspace Cloud Files should migrate to the new Pyrax\nplugin to ensure support.\n\nThe backend requires python-cloudfiles to be installed on the system.  See REQUIREMENTS.\n\nIt uses three environment variables for authentification: CLOUDFILESUSERNAME (required),",
            "subsections": [
                {
                    "name": "CLOUDFILES___APIKEY (required), CLOUDFILES___AUTHURL (optional)",
                    "content": "If CLOUDFILESAUTHURL is unspecified it will default to the value provided by python-\ncloudfiles, which points to rackspace, hence this value must be set in order to use other\ncloud files providers.\n\n"
                }
            ]
        },
        "A NOTE ON DROPBOX ACCESS": {
            "content": "1.     First of all Dropbox backend requires valid authentication token. It should be passed\nvia DPBXACCESSTOKEN environment variable.\nTo obtain it please create 'Dropbox API' application at:\nhttps://www.dropbox.com/developers/apps/create\nThen visit app settings and just use 'Generated access token' under OAuth2 section.\nAlternatively you can let duplicity generate access token itself. In such case\ntemporary export DPBXAPPKEY , DPBXAPPSECRET using values from app settings page\nand run duplicity interactively.\nIt will print the URL that you need to open in the browser to obtain OAuth2 token for\nthe application. Just follow on-screen instructions and then put generated token to\nDPBXACCESSTOKEN variable. Once done, feel free to unset DPBXAPPKEY and\nDPBXAPPSECRET\n\n\n2.     \"somedir\" must already exist in the Dropbox folder. Depending on access token kind it\nmay be:\nFull Dropbox: path is absolute and starts from 'Dropbox' root folder.\nApp Folder: path is related to application folder. Dropbox client will show it\nin ~/Dropbox/Apps/<app-name>\n\n\n3.     When using Dropbox for storage, be aware that all files, including the ones in the\nApps folder, will be synced to all connected computers.  You may prefer to use a\nseparate Dropbox account specially for the backups, and not connect any computers to\nthat account. Alternatively you can configure selective sync on all computers to avoid\nsyncing of backup files\n\n",
            "subsections": []
        },
        "A NOTE ON EUROPEAN S3 BUCKETS": {
            "content": "Amazon S3 provides the ability to choose the location of a bucket upon its creation. The\npurpose is to enable the user to choose a location which is better located network\ntopologically relative to the user, because it may allow for faster data transfers.\n\nduplicity will create a new bucket the first time a bucket access is attempted. At this\npoint, the bucket will be created in Europe if --s3-european-buckets was given. For reasons\nhaving to do with how the Amazon S3 service works, this also requires the use of the\n--s3-use-new-style option. This option turns on subdomain based bucket addressing in S3. The\ndetails are beyond the scope of this man page, but it is important to know that your bucket\nmust not contain upper case letters or any other characters that are not valid parts of a\nhostname. Consequently, for reasons of backwards compatibility, use of subdomain based bucket\naddressing is not enabled by default.\n\nNote that you will need to use --s3-use-new-style for all operations on European buckets; not\njust upon initial creation.\n\nYou only need to use --s3-european-buckets upon initial creation, but you may may use it at\nall times for consistency.\n\nFurther note that when creating a new European bucket, it can take a while before the bucket\nis fully accessible. At the time of this writing it is unclear to what extent this is an\nexpected feature of Amazon S3, but in practice you may experience timeouts, socket errors or\nHTTP errors when trying to upload files to your newly created bucket. Give it a few minutes\nand the bucket should function normally.\n\n",
            "subsections": []
        },
        "A NOTE ON FILENAME PREFIXES": {
            "content": "Filename prefixes can be used in multi backend with mirror mode to define affinity rules.\nThey can also be used in conjunction with S3 lifecycle rules to transition archive files to\nGlacier, while keeping metadata (signature and manifest files) on S3.\n\nDuplicity does not require access to archive files except when restoring from backup.\n\n",
            "subsections": []
        },
        "A NOTE ON GOOGLE CLOUD STORAGE": {
            "content": "Support for Google Cloud Storage relies on its Interoperable Access, which must be enabled\nfor your account.  Once enabled, you can generate Interoperable Storage Access Keys and pass\nthem to duplicity via the GSACCESSKEYID and GSSECRETACCESSKEY environment variables.\nAlternatively, you can run gsutil config -a to have the Google Cloud Storage utility populate\nthe ~/.boto configuration file.\n\nEnable Interoperable Access: https://code.google.com/apis/console#:storage\nCreate Access Keys: https://code.google.com/apis/console#:storage:legacy\n\n",
            "subsections": []
        },
        "A NOTE ON HUBIC": {
            "content": "The hubic backend requires the pyrax library to be installed on the system. See REQUIREMENTS.\nYou will need to set your credentials for hubiC in a file called ~/.hubiccredentials,\nfollowing this pattern:\n\n[hubic]\nemail = youremail\npassword = yourpassword\nclientid = apiclientid\nclientsecret = apisecretkey\nredirecturi = http://localhost/\n\n",
            "subsections": []
        },
        "A NOTE ON IMAP": {
            "content": "An IMAP account can be used as a target for the upload.  The userid may be specified and the\npassword will be requested.\n\nThe fromaddressprefix may be specified (and probably should be). The text will be used as\nthe \"From\" address in the IMAP server.  Then on a restore (or list) command the\nfromaddressprefix will distinguish between different backups.\n\n",
            "subsections": []
        },
        "A NOTE ON MULTI BACKEND": {
            "content": "The multi backend allows duplicity to combine the storage available in more than one backend\nstore (e.g., you can store across a google drive account and a onedrive account to get\neffectively the combined storage available in both).  The URL path specifies a JSON formated\nconfig file containing a list of the backends it will use. The URL may also specify \"query\"\nparameters to configure overall behavior.  Each element of the list must have a \"url\"\nelement, and may also contain an optional \"description\" and an optional \"env\" list of\nenvironment variables used to configure that backend.\n",
            "subsections": [
                {
                    "name": "Query Parameters",
                    "content": "Query parameters come after the file URL in standard HTTP format for example:\nmulti:///path/to/config.json?mode=mirror&onfail=abort\nmulti:///path/to/config.json?mode=stripe&onfail=continue\nmulti:///path/to/config.json?onfail=abort&mode=stripe\nmulti:///path/to/config.json?onfail=abort\nOrder does not matter, however unrecognized parameters are considered an error.\n\nmode=stripe\nThis mode (the default) performs round-robin access to the list of backends. In this\nmode, all backends must be reliable as a loss of one means a loss of one of the\narchive files.\n\nmode=mirror\nThis mode accesses backends as a RAID1-store, storing every file in every backend and\nreading files from the first-successful backend.  A loss of any backend should result\nin no failure. Note that backends added later will only get new files and may require\na manual sync with one of the other operating ones.\n\nonfail=continue\nThis setting (the default) continues all write operations in as best-effort. Any\nfailure results in the next backend tried. Failure is reported only when all backends\nfail a given operation with the error result from the last failure.\n\nonfail=abort\nThis setting considers any backend write failure as a terminating condition and\nreports the error.  Data reading and listing operations are independent of this and\nwill try with the next backend on failure.\n"
                },
                {
                    "name": "JSON File Example",
                    "content": "[\n{\n\"description\": \"a comment about the backend\"\n\"url\": \"abackend://myuser@domain.com/backup\",\n\"env\": [\n{\n\"name\" : \"MYENV\",\n\"value\" : \"xyz\"\n},\n{\n\"name\" : \"FOO\",\n\"value\" : \"bar\"\n}\n],\n\"prefixes\": [\"prefix1\", \"prefix2\"]\n},\n{\n\"url\": \"file:///path/to/dir\"\n}\n]\n\n"
                }
            ]
        },
        "A NOTE ON PAR2 WRAPPER BACKEND": {
            "content": "Par2 Wrapper Backend can be used in combination with all other backends to create recovery\nfiles. Just add par2+ before a regular scheme (e.g.  par2+ftp://user@host/dir or\npar2+s3+http://bucketname ). This will create par2 recovery files for each archive and\nupload them all to the wrapped backend.\n\nBefore restoring, archives will be verified. Corrupt archives will be repaired on the fly if\nthere are enough recovery blocks available.\n\nUse --par2-redundancy percent to adjust the size (and redundancy) of recovery files in\npercent.\n\n",
            "subsections": []
        },
        "A NOTE ON PYDRIVE BACKEND": {
            "content": "The pydrive backend requires Python PyDrive package to be installed on the system. See\nREQUIREMENTS.\n\nThere are two ways to use PyDrive: with a regular account or with a \"service account\". With a\nservice account, a separate account is created, that is only accessible with Google APIs and\nnot a web login.  With a regular account, you can store backups in your normal Google Drive.\n\nTo use a service account, go to the Google developers console at\nhttps://console.developers.google.com. Create a project, and make sure Drive API is enabled\nfor the project. Under \"APIs and auth\", click Create New Client ID, then select Service\nAccount with P12 key.\n\nDownload the .p12 key file of the account and convert it to the .pem format:\nopenssl pkcs12 -in XXX.p12  -nodes -nocerts > pydriveprivatekey.pem\n\nThe content of .pem file should be passed to GOOGLEDRIVEACCOUNTKEY environment variable\nfor authentification.\n\nThe email address of the account will be used as part of URL. See URL FORMAT above.\n\nThe alternative is to use a regular account. To do this, start as above, but when creating a\nnew Client ID, select \"Installed application\" of type \"Other\". Create a file with the\nfollowing content, and pass its filename in the GOOGLEDRIVESETTINGS environment variable:\n\nclientconfigbackend: settings\nclientconfig:\nclientid: <Client ID from developers' console>\nclientsecret: <Client secret from developers' console>\nsavecredentials: True\nsavecredentialsbackend: file\nsavecredentialsfile: <filename to cache credentials>\ngetrefreshtoken: True\n\nIn this scenario, the username and host parts of the URL play no role; only the path matters.\nDuring the first run, you will be prompted to visit an URL in your browser to grant access to\nyour drive. Once granted, you will receive a verification code to paste back into Duplicity.\nThe credentials are then cached in the file references above for future use.\n\n",
            "subsections": []
        },
        "A NOTE ON GDRIVE BACKEND": {
            "content": "GDrive: is a rewritten PyDrive: backend with less dependencies, and a simpler setup - it uses\nthe JSON keys downloaded directly from Google Cloud Console.\n\nNote Google has 2 drive methods, `Shared(previously Team) Drives` and `My Drive`, both can be\nshared but require different addressing\n",
            "subsections": [
                {
                    "name": "For a Google Shared Drives folder",
                    "content": "Share Drive ID specified as a query parameter, driveID,  in the backend URL.  Example:\ngdrive://developer.gserviceaccount.com/target-folder/?driveID=<SHARED DRIVE ID>\n"
                },
                {
                    "name": "For a Google My Drive based shared folder",
                    "content": "MyDrive folder ID specified as a query parameter, myDriveFolderID, in the backend URL Example\nexport GOOGLESERVICEACCOUNTURL=<serviceaccount-name>@<serviceaccount-\nname>.iam.gserviceaccount.com\ngdrive://${GOOGLESERVICEACCOUNTURL}/<target-folder-name-in-\nmyDriveFolder>?myDriveFolderID=<google-myDrive-folder-id>\n\n\nThere are also two ways to authenticate to use GDrive: with a regular account or with a\n\"service account\". With a service account, a separate account is created, that is only\naccessible with Google APIs and not a web login.  With a regular account, you can store\nbackups in your normal Google Drive.\n\nTo use a service account, go to the Google developers console at\nhttps://console.developers.google.com. Create a project, and make sure Drive API is enabled\nfor the project. In the \"Credentials\" section, click \"Create credentials\", then select\nService Account with JSON key.\n\nThe GOOGLESERVICEJSONFILE environment variable needs to contain the path to the JSON file\non duplicity invocation.\n\nexport GOOGLESERVICEJSONFILE=<path-to-serviceaccount-credentials.json>\n\n\nThe alternative is to use a regular account. To do this, start as above, but when creating a\nnew Client ID, select \"Create OAuth client ID\", with application type of \"Desktop app\".\nDownload the clientsecret.json file for the new client, and set the\nGOOGLECLIENTSECRETJSONFILE environment variable to the path to this file, and\nGOOGLECREDENTIALSFILE to a path to a file where duplicity will keep the authentication\ntoken - this location must be writable.\n\nDuring the first run, you will be prompted to visit an URL in your browser to grant access to\nyour drive. Once granted, you will receive a verification code to paste back into Duplicity.\nThe credentials are then cached in the file references above for future use.\n\nAs a sanity check, GDrive checks the host and username from the URL against the JSON key, and\nrefuses to proceed if the addresses do not match. Either the email (for the service accounts)\nor Client ID (for regular OAuth accounts) must be present in the URL. See URL FORMAT above.\n\n"
                }
            ]
        },
        "A NOTE ON RCLONE BACKEND": {
            "content": "Rclone is a powerful command line program to sync files and directories to and from various\ncloud storage providers.\n\nOnce you have configured an rclone remote via\n\nrclone config\n\nand successfully set up a remote (e.g. gdrive for Google Drive), assuming you can list your\nremote files with\n\nrclone ls gdrive:mydocuments\n\nyou can start your backup with\n\nduplicity /mydocuments rclone://gdrive:/mydocuments\n\nPlease note the slash after the second colon. Some storage provider will work with or without\nslash after colon, but some other will not. Since duplicity will complain about malformed URL\nif a slash is not present, always put it after the colon, and the backend will handle it for\nyou.\n\n",
            "subsections": []
        },
        "A NOTE ON SSH BACKENDS": {
            "content": "The ssh backends support sftp and scp/ssh transport protocols.  This is a known user-\nconfusing issue as these are fundamentally different.  If you plan to access your backend via\none of those please inform yourself about the requirements for a server to support sftp or\nscp/ssh access.  To make it even more confusing the user can choose between several ssh\nbackends via a scheme prefix: paramiko+ (default), pexpect+, lftp+... .\nparamiko & pexpect support --use-scp, --ssh-askpass and --ssh-options.  Only the pexpect\nbackend allows to define --scp-command and --sftp-command.\n",
            "subsections": [
                {
                    "name": "SSH paramiko backend (default)",
                    "content": "python. Advantages are speed and maintainability. Minor disadvantage is that extra packages\nare needed as listed in REQUIREMENTS.  In sftp (default) mode all operations are done via the\naccording sftp commands. In scp mode ( --use-scp ) though scp access is used for put/get\noperations but listing is done via ssh remote shell.\n\nSSH pexpect backend is the legacy ssh backend using the command line ssh binaries via\npexpect.  Older versions used scp for get and put operations and sftp for list and delete\noperations.  The current version uses sftp for all four supported operations, unless the\n--use-scp option is used to revert to old behavior.\n\nSSH lftp backend is simply there because lftp can interact with the ssh cmd line binaries.\nIt is meant as a last resort in case the above options fail for some reason.\n\nWhy use sftp instead of scp?  The change to sftp was made in order to allow the remote system\nto chroot the backup, thus providing better security and because it does not suffer from\nshell quoting issues like scp.  Scp also does not support any kind of file listing, so sftp\nor ssh access will always be needed in addition for this backend mode to work properly. Sftp\ndoes not have these limitations but needs an sftp service running on the backend server,\nwhich is sometimes not an option.\n\n"
                }
            ]
        },
        "A NOTE ON SSL CERTIFICATE VERIFICATION": {
            "content": "Certificate verification as implemented right now [02.2016] only in the webdav and lftp\nbackends. older pythons 2.7.8- and older lftp binaries need a file based database of\ncertification authority certificates (cacert file).\nNewer python 2.7.9+ and recent lftp versions however support the system default certificates\n(usually in /etc/ssl/certs) and also giving an alternative ca cert folder via --ssl-cacert-\npath.\n\nThe cacert file has to be a PEM formatted text file as currently provided by the CURL\nproject. See\n\nhttp://curl.haxx.se/docs/caextract.html\n\nAfter creating/retrieving a valid cacert file you should copy it to either\n\n~/.duplicity/cacert.pem\n~/duplicitycacert.pem\n/etc/duplicity/cacert.pem\n\nDuplicity searches it there in the same order and will fail if it can't find it.  You can\nhowever specify the option --ssl-cacert-file <file> to point duplicity to a copy in a\ndifferent location.\n\nFinally there is the --ssl-no-check-certificate option to disable certificate verification\nalltogether, in case some ssl library is missing or verification is not wanted. Use it with\ncare, as even with self signed servers manually providing the private ca certificate is\ndefinitely the safer option.\n\n",
            "subsections": [
                {
                    "name": "A NOTE ON SWIFT (OPENSTACK OBJECT STORAGE) ACCESS",
                    "content": "Swift is the OpenStack Object Storage service.\nThe backend requires python-switclient to be installed on the system.  python-keystoneclient\nis also needed to use OpenStack's Keystone Identity service.  See REQUIREMENTS.\n\nIt uses following environment variables for authentification: SWIFTUSERNAME (required),"
                },
                {
                    "name": "SWIFT___PASSWORD (required), SWIFT___AUTHURL (required),",
                    "content": "Bluemix ObjectStorage), SWIFTTENANTID (required, only for IBM Bluemix ObjectStorage),\nSWIFTREGIONNAME (required, only for IBM Bluemix ObjectStorage), SWIFTTENANTNAME (optional,\nthe tenant can be included in the username)\n\nIf the user was previously authenticated, the following environment variables can be used\ninstead: SWIFTPREAUTHURL (required), SWIFTPREAUTHTOKEN (required)\n\nIf SWIFTAUTHVERSION is unspecified, it will default to version 1.\n\n"
                }
            ]
        },
        "A NOTE ON PCA ACCESS": {
            "content": "PCA is a long-term data archival solution by OVH. It runs a slightly modified version of\nOpenstack Swift introducing latency in the data retrieval process.  It is a good pick for a\nmulti backend configuration where receiving volumes while an other backend is used to store\nmanifests and signatures.\n\nThe backend requires python-switclient to be installed on the system.  python-keystoneclient\nis also needed to interact with OpenStack's Keystone Identity service.  See REQUIREMENTS.\n\nIt uses following environment variables for authentification: PCAUSERNAME (required),",
            "subsections": [
                {
                    "name": "PCA___PASSWORD (required), PCA___AUTHURL (required), PCA___USERID (optional),",
                    "content": "(optional, but either the tenant name or tenant id must be supplied) PCAREGIONNAME\n(optional), PCATENANTNAME (optional, but either the tenant name or tenant id must be\nsupplied)\n\nIf the user was previously authenticated, the following environment variables can be used\ninstead: PCAPREAUTHURL (required), PCAPREAUTHTOKEN (required)\n\nIf PCAAUTHVERSION is unspecified, it will default to version 2.\n\n"
                }
            ]
        },
        "A NOTE ON MEDIAFIRE BACKEND": {
            "content": "This backend requires mediafire python library to be installed on the system. See\nREQUIREMENTS.\n\nUse URL escaping for username (and password, if provided via command line):\n\n\nmf://duplicity%40example.com@mediafire.com/somefolder\n\nThe destination folder will be created for you if it does not exist.\n\n",
            "subsections": []
        },
        "A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING": {
            "content": "Signing and symmetrically encrypt at the same time with the gpg binary on the command line,\nas used within duplicity, is a specifically challenging issue.  Tests showed that the\nfollowing combinations proved working.\n\n1. Setup gpg-agent properly. Use the option --use-agent and enter both passphrases (symmetric\nand sign key) in the gpg-agent's dialog.\n\n2. Use a PASSPHRASE for symmetric encryption of your choice but the signing key has an empty\npassphrase.\n\n3. The used PASSPHRASE for symmetric encryption and the passphrase of the signing key are\nidentical.\n\n",
            "subsections": []
        },
        "KNOWN ISSUES / BUGS": {
            "content": "Hard links currently unsupported (they will be treated as non-linked regular files).\n\nBad signatures will be treated as empty instead of logging appropriate error message.\n\n",
            "subsections": []
        },
        "OPERATION AND DATA FORMATS": {
            "content": "This section describes duplicity's basic operation and the format of its data files.  It\nshould not be necessary to read this section to use duplicity.\n\nThe files used by duplicity to store backup data are tarfiles in GNU tar format.  They can be\nproduced independently by rdiffdir(1).  For incremental backups, new files are saved normally\nin the tarfile.  But when a file changes, instead of storing a complete copy of the file,\nonly a diff is stored, as generated by rdiff(1).  If a file is deleted, a 0 length file is\nstored in the tar.  It is possible to restore a duplicity archive \"manually\" by using tar and\nthen cp, rdiff, and rm as necessary.  These duplicity archives have the extension difftar.\n\nBoth full and incremental backup sets have the same format.  In effect, a full backup set is\nan incremental one generated from an empty signature (see below).  The files in full backup\nsets will start with duplicity-full while the incremental sets start with duplicity-inc.\nWhen restoring, duplicity applies patches in order, so deleting, for instance, a full backup\nset may make related incremental backup sets unusable.\n\nIn order to determine which files have been deleted, and to calculate diffs for changed\nfiles, duplicity needs to process information about previous sessions.  It stores this\ninformation in the form of tarfiles where each entry's data contains the signature (as\nproduced by rdiff) of the file instead of the file's contents.  These signature sets have the\nextension sigtar.\n\nSignature files are not required to restore a backup set, but without an up-to-date\nsignature, duplicity cannot append an incremental backup to an existing archive.\n\nTo save bandwidth, duplicity generates full signature sets and incremental signature sets.  A\nfull signature set is generated for each full backup, and an incremental one for each\nincremental backup.  These start with duplicity-full-signatures and duplicity-new-signatures\nrespectively. These signatures will be stored both locally and remotely.  The remote\nsignatures will be encrypted if encryption is enabled.  The local signatures will not be\nencrypted and stored in the archive dir (see --archive-dir ).\n\n",
            "subsections": []
        },
        "REQUIREMENTS": {
            "content": "Duplicity requires a POSIX-like operating system with a python interpreter version 2.6+\ninstalled.  It is best used under GNU/Linux.\n\nSome backends also require additional components (probably available as packages for your\nspecific platform):\n",
            "subsections": [
                {
                    "name": "Amazon Drive backend",
                    "content": "python-requests - http://python-requests.org\npython-requests-oauthlib - https://github.com/requests/requests-oauthlib\n\nazure backend (Azure Storage Blob Service)\nMicrosoft Azure Storage Blobs client library for Python -\nhttps://pypi.org/project/azure-storage-blob/\n\nboto backend (S3 Amazon Web Services, Google Cloud Storage)\nboto version 2.0+ - http://github.com/boto/boto\n\nbox backend (box.com)\nboxsdk - https://github.com/box/box-python-sdk\n\ncfpyrax backend (Rackspace Cloud) and hubic backend (hubic.com)\nRackspace CloudFiles Pyrax API -\nhttp://docs.rackspace.com/sdks/guide/content/python.html\n\ndpbx backend (Dropbox)\nDropbox Python SDK - https://www.dropbox.com/developers/reference/sdk\n\ngdocs gdata backend (legacy Google Docs backend)\nGoogle Data APIs Python Client Library - http://code.google.com/p/gdata-python-client/\n"
                },
                {
                    "name": "gdocs pydrive backend(default)",
                    "content": "see pydrive backend\n\ngio backend (Gnome VFS API)\nPyGObject - http://live.gnome.org/PyGObject"
                },
                {
                    "name": "D-Bus (dbus)",
                    "content": "lftp backend (needed for ftp, ftps, fish [over ssh] - also supports sftp, webdav[s])\nLFTP Client - http://lftp.yar.ru/\n\nMEGA backend (only works for accounts created prior to November 2018) (mega.nz)\nmegatools client - https://github.com/megous/megatools\n\nMEGA v2 and v3 backend (works for all MEGA accounts) (mega.nz)\nMEGAcmd client - https://mega.nz/cmd\n"
                },
                {
                    "name": "multi backend",
                    "content": "Multi -- store to more than one backend\n(also see A NOTE ON MULTI BACKEND ) below.\n\nncftp backend (ftp, select via ncftp+ftp://)\nNcFTP - http://www.ncftp.com/\n\nOneDrive backend (Microsoft OneDrive)\npython-requests-oauthlib - https://github.com/requests/requests-oauthlib\n"
                },
                {
                    "name": "Par2 Wrapper Backend",
                    "content": "par2cmdline - http://parchive.sourceforge.net/\n"
                },
                {
                    "name": "pydrive backend",
                    "content": "PyDrive -- a wrapper library of google-api-python-client -\nhttps://pypi.python.org/pypi/PyDrive\n(also see A NOTE ON PYDRIVE BACKEND ) below.\n"
                },
                {
                    "name": "rclone backend",
                    "content": "rclone - https://rclone.org/\n"
                },
                {
                    "name": "rsync backend",
                    "content": "rsync client binary - http://rsync.samba.org/\n"
                },
                {
                    "name": "ssh paramiko backend (default)",
                    "content": "paramiko (SSH2 for python) - http://pypi.python.org/pypi/paramiko (downloads);\nhttp://github.com/paramiko/paramiko (project page)\npycrypto (Python Cryptography Toolkit) - http://www.dlitz.net/software/pycrypto/\n"
                },
                {
                    "name": "ssh pexpect backend",
                    "content": "sftp/scp client binaries OpenSSH - http://www.openssh.com/\nPython pexpect module - http://pexpect.sourceforge.net/pexpect.html\n"
                },
                {
                    "name": "swift backend (OpenStack Object Storage)",
                    "content": "Python swiftclient module - https://github.com/openstack/python-swiftclient/\nPython keystoneclient module - https://github.com/openstack/python-keystoneclient/\n"
                },
                {
                    "name": "webdav backend",
                    "content": "certificate authority database file for ssl certificate verification of HTTPS\nconnections - http://curl.haxx.se/docs/caextract.html\n(also see A NOTE ON SSL CERTIFICATE VERIFICATION).\nPython kerberos module for kerberos authentication -\nhttps://github.com/02strich/pykerberos\n"
                },
                {
                    "name": "MediaFire backend",
                    "content": "MediaFire Python Open SDK - https://pypi.python.org/pypi/mediafire/\n\n"
                }
            ]
        },
        "AUTHOR": {
            "content": "Original Author - Ben Escoto <bescoto@stanford.edu>\n\nCurrent Maintainer - Kenneth Loafman <kenneth@loafman.com>\n",
            "subsections": [
                {
                    "name": "Continuous Contributors",
                    "content": "Edgar Soldin, Mike Terry\n\nMost backends were contributed individually.  Information about their authorship may be found\nin the according file's header.\n\nAlso we'd like to thank everybody posting issues to the mailing list or on launchpad, sending\nin patches or contributing otherwise. Duplicity wouldn't be as stable and useful if it\nweren't for you.\n\nA special thanks goes to rsync.net, a Cloud Storage provider with explicit support for\nduplicity, for several monetary donations and for providing a special \"duplicity friends\"\nrate for their offsite backup service.  Email info@rsync.net for details.\n\n"
                }
            ]
        },
        "SEE ALSO": {
            "content": "rdiffdir(1), python(1), rdiff(1), rdiff-backup(1).\n\n\n\nVersion 0.8.21                            November 09, 2021                             DUPLICITY(1)",
            "subsections": []
        }
    },
    "summary": "duplicity - Encrypted incremental backup to local or remote storage.",
    "flags": [
        {
            "flag": "",
            "long": "--allow-source-mismatch",
            "arg": null,
            "description": "Do not abort on attempts to use the same archive dir or remote backend to back up different directories. duplicity will tell you if you need this switch. --archive-dir path The archive directory. NOTE: This option changed in 0.6.0. The archive directory is now necessary in order to manage persistence for current and future enhancements. As such, this option is now used only to change the location of the archive directory. The archive directory should not be deleted, or duplicity will have to recreate it from the remote repository (which may require decrypting the backup contents). When backing up or restoring, this option specifies that the local archive directory is to be created in path. If the archive directory is not specified, the default will be to create the archive directory in ~/.cache/duplicity/. The archive directory can be shared between backups to multiple targets, because a subdirectory of the archive dir is used for individual backups (see --name ). The combination of archive directory and backup name must be unique in order to separate the data of different backups. The interaction between the --archive-dir and the --name options allows for four possible combinations for the location of the archive dir: 1. neither specified (default) ~/.cache/duplicity/hash-of-url 2. --archive-dir=/arch, no --name /arch/hash-of-url 3. no --archive-dir, --name=foo ~/.cache/duplicity/foo 4. --archive-dir=/arch, --name=foo /arch/foo"
        },
        {
            "flag": "",
            "long": "--asynchronous-upload",
            "arg": null,
            "description": "(EXPERIMENTAL) Perform file uploads asynchronously in the background, with respect to volume creation. This means that duplicity can upload a volume while, at the same time, preparing the next volume for upload. The intended end-result is a faster backup, because the local CPU and your bandwidth can be more consistently utilized. Use of this option implies additional need for disk space in the temporary storage location; rather than needing to store only one volume at a time, enough storage space is required to store two volumes. --backend-retry-delay number Specifies the number of seconds that duplicity waits after an error has occured before attempting to repeat the operation. --cf-backend backend Allows the explicit selection of a cloudfiles backend. Defaults to pyrax. Alternatively you might choose cloudfiles."
        },
        {
            "flag": "",
            "long": "--b2-hide-files",
            "arg": null,
            "description": "Causes Duplicity to hide files in B2 instead of deleting them. Useful in combination with B2's lifecycle rules."
        },
        {
            "flag": "",
            "long": "--compare-data",
            "arg": null,
            "description": "Enable data comparison of regular files on action verify. This conducts a verify as described above to verify the integrity of the backup archives, but additionally compares restored files to those in targetdirectory. Duplicity will not replace any files in targetdirectory. Duplicity will exit with a non-zero error level if the files do not correctly verify or if any files from the archive differ from those in targetdirectory. On verbosity level 4 or higher, it will log a message for each file that differs from its equivalent in targetdirectory."
        },
        {
            "flag": "",
            "long": "--copy-links",
            "arg": null,
            "description": "Resolve symlinks during backup. Enabling this will resolve & back up the symlink's file/folder data instead of the symlink itself, potentially increasing the size of the backup."
        },
        {
            "flag": "",
            "long": "--dry-run",
            "arg": null,
            "description": "Calculate what would be done, but do not perform any backend actions --encrypt-key key-id When backing up, encrypt to the given public key, instead of using symmetric (traditional) encryption. Can be specified multiple times. The key-id can be given in any of the formats supported by GnuPG; see gpg(1), section \"HOW TO SPECIFY A USER ID\" for details. --encrypt-secret-keyring filename This option can only be used with --encrypt-key, and changes the path to the secret keyring for the encrypt key to filename This keyring is not used when creating a backup. If not specified, the default secret keyring is used which is usually located at .gnupg/secring.gpg --encrypt-sign-key key-id Convenience parameter. Same as --encrypt-key key-id --sign-key key-id. --exclude shellpattern Exclude the file or files matched by shellpattern. If a directory is matched, then files under that directory will also be matched. See the FILE SELECTION section for more information."
        },
        {
            "flag": "",
            "long": "--exclude-device-files",
            "arg": null,
            "description": "Exclude all device files. This can be useful for security/permissions reasons or if duplicity is not handling device files correctly. --exclude-filelist filename Excludes the files listed in filename, with each line of the filelist interpreted according to the same rules as --include and --exclude. See the FILE SELECTION section for more information. --exclude-if-present filename Exclude directories if filename is present. Allows the user to specify folders that they do not wish to backup by adding a specified file (e.g. \".nobackup\") instead of maintaining a comprehensive exclude/include list. --exclude-older-than time Exclude any files whose modification date is earlier than the specified time. This can be used to produce a partial backup that contains only recently changed files. See the TIME FORMATS section for more information."
        },
        {
            "flag": "",
            "long": "--exclude-other-filesystems",
            "arg": null,
            "description": "Exclude files on file systems (identified by device number) other than the file system the root of the source directory is on. --exclude-regexp regexp Exclude files matching the given regexp. Unlike the --exclude option, this option does not match files in a directory it matches. See the FILE SELECTION section for more information."
        },
        {
            "flag": "",
            "long": "--file-prefix-signature",
            "arg": null,
            "description": "Adds a prefix to all files, manifest files, archive files, and/or signature files. The same set of prefixes must be passed in on backup and restore. If both global and type-specific prefixes are set, global prefix will go before type- specific prefixes. See also A NOTE ON FILENAME PREFIXES --file-to-restore path This option may be given in restore mode, causing only path to be restored instead of the entire contents of the backup archive. path should be given relative to the root of the directory backed up. --full-if-older-than time Perform a full backup if an incremental backup is requested, but the latest full backup in the collection is older than the given time. See the TIME FORMATS section for more information."
        },
        {
            "flag": "",
            "long": "--force",
            "arg": null,
            "description": "Proceed even if data loss might result. Duplicity will let the user know when this option is required."
        },
        {
            "flag": "",
            "long": "--ftp-passive",
            "arg": null,
            "description": "Use passive (PASV) data connections. The default is to use passive, but to fallback to regular if the passive connection fails or times out."
        },
        {
            "flag": "",
            "long": "--ftp-regular",
            "arg": null,
            "description": "Use regular (PORT) data connections. --gio Use the GIO backend and interpret any URLs as GIO would. --hidden-encrypt-key key-id Same as --encrypt-key, but it hides user's key id from encrypted file. It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup. On restore, gpg will automatically try all available secret keys in order to decrypt the backup. See gpg(1) for more details."
        },
        {
            "flag": "",
            "long": "--ignore-errors",
            "arg": null,
            "description": "Try to ignore certain errors if they happen. This option is only intended to allow the restoration of a backup in the face of certain problems that would otherwise cause the backup to fail. It is not ever recommended to use this option unless you have a situation where you are trying to restore from backup and it is failing because of an issue which you want duplicity to ignore. Even then, depending on the issue, this option may not have an effect. Please note that while ignored errors will be logged, there will be no summary at the end of the operation to tell you what was ignored, if anything. If this is used for emergency restoration of data, it is recommended that you run the backup in such a way that you can revisit the backup log (look for lines containing the string IGNOREDERROR). If you ever have to use this option for reasons that are not understood or understood but not your own responsibility, please contact duplicity maintainers. The need to use this option under production circumstances would normally be considered a bug. --imap-full-address emailaddress The full email address of the user name when logging into an imap server. If not supplied just the user name part of the email address is used. --imap-mailbox option Allows you to specify a different mailbox. The default is \"INBOX\". Other languages may require a different mailbox than the default. --gpg-binary filepath Allows you to force duplicity to use filepath as gpg command line binary. Can be an absolute or relative file path or a file name. Default value is 'gpg'. The binary will be localized via the PATH environment variable. --gpg-options options Allows you to pass options to gpg encryption. The options list should be of the form \"--opt1 --opt2=parm\" where the string is quoted and the only spaces allowed are between options. --include shellpattern Similar to --exclude but include matched files instead. Unlike --exclude, this option will also match parent directories of matched files (although not necessarily their contents). See the FILE SELECTION section for more information. --include-filelist filename Like --exclude-filelist, but include the listed files instead. See the FILE SELECTION section for more information. --include-regexp regexp Include files matching the regular expression regexp. Only files explicitly matched by regexp will be included by this option. See the FILE SELECTION section for more information. --log-fd number Write specially-formatted versions of output messages to the specified file descriptor. The format used is designed to be easily consumable by other programs. --log-file filename Write specially-formatted versions of output messages to the specified file. The format used is designed to be easily consumable by other programs. --max-blocksize number determines the number of the blocks examined for changes during the diff process. For files < 1MB the blocksize is a constant of 512. For files over 1MB the size is given by: fileblocksize = int((filelen / (2000 * 512)) * 512) return min(fileblocksize, config.maxblocksize) where config.maxblocksize defaults to 2048. If you specify a larger maxblocksize, your difftar files will be larger, but your sigtar files will be smaller. If you specify a smaller maxblocksize, the reverse occurs. The --max-blocksize option should be in multiples of 512. --name symbolicname Set the symbolic name of the backup being operated on. The intent is to use a separate name for each logically distinct backup. For example, someone may use \"homedailys3\" for the daily backup of a home directory to Amazon S3. The structure of the name is up to the user, it is only important that the names be distinct. The symbolic name is currently only used to affect the expansion of --archive-dir , but may be used for additional features in the future. Users running more than one distinct backup are encouraged to use this option. If not specified, the default value is a hash of the backend URL."
        },
        {
            "flag": "",
            "long": "--no-compression",
            "arg": null,
            "description": "Do not use GZip to compress files on remote system."
        },
        {
            "flag": "",
            "long": "--no-encryption",
            "arg": null,
            "description": "Do not use GnuPG to encrypt files on remote system."
        },
        {
            "flag": "",
            "long": "--no-print-statistics",
            "arg": null,
            "description": "By default duplicity will print statistics about the current session after a successful backup. This switch disables that behavior."
        },
        {
            "flag": "",
            "long": "--null-separator",
            "arg": null,
            "description": "Use nulls (\\0) instead of newlines (\\n) as line separators, which may help when dealing with filenames containing newlines. This affects the expected format of the files specified by the --{include|exclude}-filelist switches as well as the format of the directory statistics file."
        },
        {
            "flag": "",
            "long": "--numeric-owner",
            "arg": null,
            "description": "On restore always use the numeric uid/gid from the archive and not the archived user/group names, which is the default behaviour. Recommended for restoring from live cds which might have the users with identical names but different uids/gids."
        },
        {
            "flag": "",
            "long": "--do-not-restore-ownership",
            "arg": null,
            "description": "Ignores the uid/gid from the archive and keeps the current user's one. Recommended for restoring data to mounted filesystem which do not support Unix ownership or when root privileges are not available. --num-retries number Number of retries to make on errors before giving up."
        },
        {
            "flag": "",
            "long": "--old-filenames",
            "arg": null,
            "description": "Use the old filename format (incompatible with Windows/Samba) rather than the new filename format. --par2-options options Verbatim options to pass to par2. --par2-redundancy percent Adjust the level of redundancy in percent for Par2 recovery files (default 10%)."
        },
        {
            "flag": "",
            "long": "--progress",
            "arg": null,
            "description": "When selected, duplicity will output the current upload progress and estimated upload time. To annotate changes, it will perform a first dry-run before a full or incremental, and then runs the real operation estimating the real upload progress. --progress-rate number Sets the update rate at which duplicity will output the upload progress messages (requires --progress option). Default is to print the status each 3 seconds. --rename <original path> <new path> Treats the path orig in the backup as if it were the path new. Can be passed multiple times. An example: duplicity restore --rename Documents/metal Music/metal sftp://uid@other.host/somedir /home/me --rsync-options options Allows you to pass options to the rsync backend. The options list should be of the form \"opt1=parm1 opt2=parm2\" where the option string is quoted and the only spaces allowed are between options. The option string will be passed verbatim to rsync, after any internally generated option designating the remote port to use. Here is a possibly useful example: duplicity --rsync-options=\"--partial-dir=.rsync-partial\" /home/me rsync://uid@other.host/somedir"
        },
        {
            "flag": "",
            "long": "--s3-european-buckets",
            "arg": null,
            "description": "When using the Amazon S3 backend, create buckets in Europe instead of the default (requires --s3-use-new-style ). Also see the EUROPEAN S3 BUCKETS section. This option does not apply when using the newer boto3 backend, which does not create buckets. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-unencrypted-connection",
            "arg": null,
            "description": "Don't use SSL for connections to S3. This may be much faster, at some cost to confidentiality. With this option, anyone who can observe traffic between your computer and S3 will be able to tell: that you are using Duplicity, the name of the bucket, your AWS Access Key ID, the increment dates and the amount of data in each increment. This option affects only the connection, not the GPG encryption of the backup increment files. Unless that is disabled, an observer will not be able to see the file names or contents. This option is not available when using the newer boto3 backend. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-use-new-style",
            "arg": null,
            "description": "When operating on Amazon S3 buckets, use new-style subdomain bucket addressing. This is now the preferred method to access Amazon S3, but is not backwards compatible if your bucket name contains upper-case characters or other characters that are not valid in a hostname. This option has no effect when using the newer boto3 backend, which will always use new style subdomain bucket naming. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-use-rrs",
            "arg": null,
            "description": "Store volumes using Reduced Redundancy Storage when uploading to Amazon S3. This will lower the cost of storage but also lower the durability of stored volumes to 99.99% instead the 99.999999999% durability offered by Standard Storage on S3."
        },
        {
            "flag": "",
            "long": "--s3-use-ia",
            "arg": null,
            "description": "Store volumes using Standard - Infrequent Access when uploading to Amazon S3. This storage class has a lower storage cost but a higher per-request cost, and the storage cost is calculated against a 30-day storage minimum. According to Amazon, this storage is ideal for long-term file storage, backups, and disaster recovery."
        },
        {
            "flag": "",
            "long": "--s3-use-onezone-ia",
            "arg": null,
            "description": "Store volumes using One Zone - Infrequent Access when uploading to Amazon S3. This storage is similar to Standard - Infrequent Access, but only stores object data in one Availability Zone."
        },
        {
            "flag": "",
            "long": "--s3-use-glacier",
            "arg": null,
            "description": "Store volumes using Glacier S3 when uploading to Amazon S3. This storage class has a lower cost of storage but a higher per-request cost along with delays of up to 12 hours from the time of retrieval request. This storage cost is calculated against a 90-day storage minimum. According to Amazon this storage is ideal for data archiving and long-term backup offering 99.999999999% durability. To restore a backup you will have to manually migrate all data stored on AWS Glacier back to Standard S3 and wait for AWS to complete the migration. Notice: Duplicity will store the manifest.gpg files from full and incremental backups on AWS S3 standard storage to allow quick retrieval for later incremental backups, all other data is stored in S3 Glacier."
        },
        {
            "flag": "",
            "long": "--s3-use-deep-archive",
            "arg": null,
            "description": "Store volumes using Glacier Deep Archive S3 when uploading to Amazon S3. This storage class has a lower cost of storage but a higher per-request cost along with delays of up to 48 hours from the time of retrieval request. This storage cost is calculated against a 180-day storage minimum. According to Amazon this storage is ideal for data archiving and long-term backup offering 99.999999999% durability. To restore a backup you will have to manually migrate all data stored on AWS Glacier Deep Archive back to Standard S3 and wait for AWS to complete the migration. Notice: Duplicity will store the manifest.gpg files from full and incremental backups on AWS S3 standard storage to allow quick retrieval for later incremental backups, all other data is stored in S3 Glacier Deep Archive. Glacier Deep Archive is only available when using the newer boto3 backend."
        },
        {
            "flag": "",
            "long": "--s3-use-multiprocessing",
            "arg": null,
            "description": "Allow multipart volumne uploads to S3 through multiprocessing. This option requires Python 2.6 and can be used to make uploads to S3 more efficient. If enabled, files duplicity uploads to S3 will be split into chunks and uploaded in parallel. Useful if you want to saturate your bandwidth or if large files are failing during upload. This has no effect when using the newer boto3 backend. Boto3 always attempts to multiprocessing when it is believed it will be more efficient. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-use-server-side-encryption",
            "arg": null,
            "description": "Allow use of server side encryption in S3"
        },
        {
            "flag": "",
            "long": "--s3-multipart-chunk-size",
            "arg": null,
            "description": "Chunk size (in MB) used for S3 multipart uploads. Make this smaller than --volsize to maximize the use of your bandwidth. For example, a chunk size of 10MB with a volsize of 30MB will result in 3 chunks per volume upload. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-multipart-max-procs",
            "arg": null,
            "description": "Specify the maximum number of processes to spawn when performing a multipart upload to S3. By default, this will choose the number of processors detected on your system (e.g. 4 for a 4-core system). You can adjust this number as required to ensure you don't overload your system while maximizing the use of your bandwidth. This has no effect when using the newer boto3 backend. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-multipart-max-timeout",
            "arg": null,
            "description": "You can control the maximum time (in seconds) a multipart upload can spend on uploading a single chunk to S3. This may be useful if you find your system hanging on multipart uploads or if you'd like to control the time variance when uploading to S3 to ensure you kill connections to slow S3 endpoints. This has no effect when using the newer boto3 backend. See also A NOTE ON AMAZON S3 below."
        },
        {
            "flag": "",
            "long": "--s3-region-name",
            "arg": null,
            "description": "Specifies the region of the S3 storage. This is currently only used in the newer boto3 backend."
        },
        {
            "flag": "",
            "long": "--s3-endpoint-url",
            "arg": null,
            "description": "Specifies the endpoint URL of the S3 storage. This is currently only used in the newer boto3 backend."
        },
        {
            "flag": "",
            "long": "--azure-blob-tier",
            "arg": null,
            "description": "Standard storage tier used for backup files (Hot|Cool|Archive)."
        },
        {
            "flag": "",
            "long": "--azure-max-single-put-size",
            "arg": null,
            "description": "Specify the number of the largest supported upload size where the Azure library makes only one put call. If the content size is known and below this value the Azure library will only perform one put request to upload one block. The number is expected to be in bytes."
        },
        {
            "flag": "",
            "long": "--azure-max-block-size",
            "arg": null,
            "description": "Specify the number for the block size used by the Azure library to upload blobs if it is split into multiple blocks. The maximum block size the service supports is 104857600 (100MiB) and the default is 4194304 (4MiB)"
        },
        {
            "flag": "",
            "long": "--azure-max-connections",
            "arg": null,
            "description": "Specify the number of maximum connections to transfer one blob to Azure blob size exceeds 64MB. The default values is 2. --scp-command command (only ssh pexpect backend with --use-scp enabled) The command will be used instead of \"scp\" to send or receive files. To list and delete existing files, the sftp command is used. See also A NOTE ON SSH BACKENDS section SSH pexpect backend. --sftp-command command (only ssh pexpect backend) The command will be used instead of \"sftp\". See also A NOTE ON SSH BACKENDS section SSH pexpect backend."
        },
        {
            "flag": "",
            "long": "--short-filenames",
            "arg": null,
            "description": "If this option is specified, the names of the files duplicity writes will be shorter (about 30 chars) but less understandable. This may be useful when backing up to MacOS or another OS or FS that doesn't support long filenames. --sign-key key-id This option can be used when backing up, restoring or verifying. When backing up, all backup files will be signed with keyid key. When restoring, duplicity will signal an error if any remote file is not signed with the given key-id. The key-id can be given in any of the formats supported by GnuPG; see gpg(1), section \"HOW TO SPECIFY A USER ID\" for details. Should be specified only once because currently only one signing key is supported. Last entry overrides all other entries. See also A NOTE ON SYMMETRIC ENCRYPTION AND SIGNING"
        },
        {
            "flag": "",
            "long": "--ssh-askpass",
            "arg": null,
            "description": "Tells the ssh backend to prompt the user for the remote system password, if it was not defined in target url and no FTPPASSWORD env var is set. This password is also used for passphrase-protected ssh keys. --ssh-options options Allows you to pass options to the ssh backend. Can be specified multiple times or as a space separated options list. The options list should be of the form \"-oOpt1='parm1' -oOpt2='parm2'\" where the option string is quoted and the only spaces allowed are between options. The option string will be passed verbatim to both scp and sftp, whose command line syntax differs slightly hence the options should therefore be given in the long option format described in sshconfig(5). example of a list: duplicity --ssh-options=\"-oProtocol=2 -oIdentityFile='/my/backup/id'\" /home/me scp://user@host/somedir example with multiple parameters: duplicity --ssh-options=\"-oProtocol=2\" --ssh-options=\"-oIdentityFile='/my/backup/id'\" /home/me scp://user@host/somedir NOTE: The ssh paramiko backend currently supports only the -i or -oIdentityFile or -oUserKnownHostsFile or -oGlobalKnownHostsFile settings. If needed provide more host specific options via sshconfig file. --ssl-cacert-file file (only webdav & lftp backend) Provide a cacert file for ssl certificate verification. See also A NOTE ON SSL CERTIFICATE VERIFICATION. --ssl-cacert-path path/to/certs/ (only webdav backend and python 2.7.9+ OR lftp+webdavs and a recent lftp) Provide a path to a folder containing cacert files for ssl certificate verification. See also A NOTE ON SSL CERTIFICATE VERIFICATION."
        },
        {
            "flag": "",
            "long": "--ssl-no-check-certificate",
            "arg": null,
            "description": "(only webdav & lftp backend) Disable ssl certificate verification. See also A NOTE ON SSL CERTIFICATE VERIFICATION."
        },
        {
            "flag": "",
            "long": "--swift-storage-policy",
            "arg": null,
            "description": "Use this storage policy when operating on Swift containers. See also A NOTE ON SWIFT (OPENSTACK OBJECT STORAGE) ACCESS. --metadata-sync-mode mode This option defaults to 'partial', but you can set it to 'full' Use 'partial' to avoid syncing metadata for backup chains that you are not going to use. This saves time when restoring for the first time, and lets you restore an old backup that was encrypted with a different passphrase by supplying only the target passphrase. Use 'full' to sync metadata for all backup chains on the remote. --tempdir directory Use this existing directory for duplicity temporary files instead of the system default, which is usually the /tmp directory. This option supersedes any environment variable. See also ENVIRONMENT VARIABLES."
        },
        {
            "flag": "-t",
            "long": "--restore-time",
            "arg": null,
            "description": "Specify the time from which to restore or list files. --time-separator char Use char as the time separator in filenames instead of colon (\":\"). --timeout seconds Use seconds as the socket timeout value if duplicity begins to timeout during network operations. The default is 30 seconds."
        },
        {
            "flag": "",
            "long": "--use-agent",
            "arg": null,
            "description": "If this option is specified, then --use-agent is passed to the GnuPG encryption process and it will try to connect to gpg-agent before it asks for a passphrase for --encrypt-key or --sign-key if needed. Note: Contrary to previous versions of duplicity, this option will also be honored by GnuPG 2 and newer versions. If GnuPG 2 is in use, duplicity passes the option --pinentry-mode=loopback to the the gpg process unless --use-agent is specified on the duplicity command line. This has the effect that GnuPG 2 uses the agent only if --use- agent is given, just like GnuPG 1. --verbosity level, -vlevel Specify output verbosity level (log level). Named levels and corresponding values are 0 Error, 2 Warning, 4 Notice (default), 8 Info, 9 Debug (noisiest). level may also be a character: e, w, n, i, d a word: error, warning, notice, info, debug The options -v4, -vn and -vnotice are functionally equivalent, as are the mixed/upper- case versions -vN, -vNotice and -vNOTICE."
        },
        {
            "flag": "",
            "long": "--version",
            "arg": null,
            "description": "Print duplicity's version and quit. --volsize number Change the volume size to number MB. Default is 200MB."
        }
    ],
    "examples": [
        "Here is an example of a backup, using sftp to back up /home/me to somedir on the other.host",
        "machine:",
        "duplicity /home/me sftp://uid@other.host/somedir",
        "If the above is run repeatedly, the first will be a full backup, and subsequent ones will be",
        "incremental. To force a full backup, use the full action:",
        "duplicity full /home/me sftp://uid@other.host/somedir",
        "or enforcing a full every other time via --full-if-older-than <time> , e.g. a full every",
        "month:",
        "duplicity --full-if-older-than 1M /home/me sftp://uid@other.host/somedir",
        "Now suppose we accidentally delete /home/me and want to restore it the way it was at the time",
        "of last backup:",
        "duplicity sftp://uid@other.host/somedir /home/me",
        "Duplicity enters restore mode because the URL comes before the local directory.  If we wanted",
        "to restore just the file \"Mail/article\" in /home/me as it was three days ago into",
        "/home/me/restoredfile:",
        "duplicity -t 3D --file-to-restore Mail/article sftp://uid@other.host/somedir",
        "/home/me/restoredfile",
        "The following command compares the latest backup with the current files:",
        "duplicity verify sftp://uid@other.host/somedir /home/me",
        "Finally, duplicity recognizes several include/exclude options.  For instance, the following",
        "will backup the root directory, but exclude /mnt, /tmp, and /proc:",
        "duplicity --exclude /mnt --exclude /tmp --exclude /proc / file:///usr/local/backup",
        "Note that in this case the destination is the local directory /usr/local/backup.  The",
        "following will backup only the /home and /etc directories under root:",
        "duplicity --include /home --include /etc --exclude '' / file:///usr/local/backup",
        "Duplicity can also access a repository via ftp.  If a user name is given, the environment",
        "variable FTPPASSWORD is read to determine the password:",
        "FTPPASSWORD=mypassword duplicity /local/dir ftp://user@other.host/somedir"
    ],
    "see_also": [
        {
            "name": "rdiffdir",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/rdiffdir/1/json"
        },
        {
            "name": "python",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/python/1/json"
        },
        {
            "name": "rdiff",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/rdiff/1/json"
        },
        {
            "name": "rdiff-backup",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/rdiff-backup/1/json"
        }
    ],
    "tldr": {
        "source": "official",
        "description": "Create incremental, compressed, encrypted, and versioned backups.",
        "examples": [
            {
                "description": "Backup a directory via FTPS to a remote machine, encrypting it with a password",
                "command": "FTP_PASSWORD={{ftp_login_password}} PASSPHRASE={{encryption_password}} duplicity {{path/to/source_directory}} {{ftps://user@hostname/path/to/target_directory}}/"
            },
            {
                "description": "Backup a directory to Amazon S3, doing a full backup every month",
                "command": "duplicity --full-if-older-than {{1M}} s3://{{bucket_name[/prefix}}"
            },
            {
                "description": "Delete versions older than 1 year from a backup stored on a WebDAV share",
                "command": "FTP_PASSWORD={{webdav_login_password}} duplicity remove-older-than {{1Y}} --force {{webdav[s]://user@hostname[:port]/some_directory}}"
            },
            {
                "description": "List the available backups",
                "command": "duplicity collection-status \"file://{{absolute/path/to/backup_directory}}\""
            },
            {
                "description": "List the files in a backup stored on a remote machine, via SSH",
                "command": "duplicity list-current-files {{-t|--time}} {{YYYY-MM-DD}} scp://{{user@hostname}}/{{path/to/backup_directory}}"
            },
            {
                "description": "Restore a subdirectory from a GnuPG-encrypted local backup to a given location",
                "command": "PASSPHRASE={{gpg_key_password}} duplicity restore --encrypt-key {{gpg_key_id}} --path-to-restore {{path/to/restore_directory}} file://{{absolute/path/to/backup_directory}} {{path/to/directory_to_restore_to}}"
            }
        ]
    }
}