# man > duplicity(host)

---
type: CommandReference
command: duplicity
mode: man
section: 1
source: man-pages
---

## Quick Reference

- `duplicity /local/dir sftp://user@host/some_dir` — Back up a local directory to remote host via SFTP (first run is full, subsequent are incremental)
- `duplicity full /local/dir sftp://user@host/some_dir` — Force a full backup
- `duplicity --full-if-older-than 1M /local/dir sftp://user@host/some_dir` — Perform full backup if last full is older than 1 month
- `duplicity sftp://user@host/some_dir /local/dir` — Restore latest backup to local directory
- `duplicity -t 3D --file-to-restore Mail/article sftp://user@host/some_dir /local/restored_file` — Restore a specific file as of 3 days ago
- `duplicity verify sftp://user@host/some_dir /local/dir` — Verify integrity of backup (compare signatures)
- `duplicity remove-older-than 1Y --force sftp://user@host/some_dir` — Delete backups older than 1 year
- `duplicity collection-status "file:///backup/dir"` — List all backup sets

## Name

Encrypted incremental backup to local or remote storage.

## Synopsis

`duplicity [full|incremental] [options] source_directory target_url`

`duplicity verify [options] [--compare-data] [--file-to-restore <relpath>] [--time time] source_url target_directory`

`duplicity collection-status [options] [--file-changed <relpath>] target_url`

`duplicity list-current-files [options] [--time time] target_url`

`duplicity [restore] [options] [--file-to-restore <relpath>] [--time time] source_url target_directory`

`duplicity remove-older-than <time> [options] [--force] target_url`

`duplicity remove-all-but-n-full <count> [options] [--force] target_url`

`duplicity remove-all-inc-of-but-n-full <count> [options] [--force] target_url`

`duplicity cleanup [options] [--force] target_url`

`duplicity replicate [options] [--time time] source_url target_url`

## Options

### Backup mode selection

- `full <folder> <url>` — Perform a full backup (starts a new chain)
- `incr <folder> <url>` — Perform an incremental backup (requires old signatures)
- `--full-if-older-than <time>` — Perform a full backup if the latest full is older than the given time

### Encryption and signing

- `--encrypt-key <key-id>` — Encrypt to a specific GPG public key (repeatable)
- `--hidden-encrypt-key <key-id>` — Same as `--encrypt-key` but hides the key ID in encrypted files
- `--sign-key <key-id>` — Sign all backup files with the given key
- `--encrypt-sign-key <key-id>` — Shorthand for both `--encrypt-key` and `--sign-key` with the same key
- `--no-encryption` — Do not encrypt files
- `--use-agent` — Use gpg-agent for passphrase handling

### File selection

- `--include <shell_pattern>` — Include files matching pattern
- `--exclude <shell_pattern>` — Exclude files matching pattern
- `--include-filelist <filename>` — Include files listed in file
- `--exclude-filelist <filename>` — Exclude files listed in file
- `--include-regexp <regexp>` — Include files matching regex
- `--exclude-regexp <regexp>` — Exclude files matching regex
- `--exclude-device-files` — Exclude all device files
- `--exclude-if-present <filename>` — Exclude directories that contain the given file
- `--exclude-older-than <time>` — Exclude files with modification time older than given time
- `--exclude-other-filesystems` — Exclude files on different filesystems
- `--copy-links` — Back up the target of symlinks instead of the symlinks themselves
- `--null-separator` — Use null (0x00) instead of newline in filelists

### Restore and verification

- `--file-to-restore <relpath>` — Restore only a specific path (relative to backup root)
- `-t, --time, --restore-time <time>` — Specify the time from which to restore or list files
- `--compare-data` — During verify, also compare restored files to local copies
- `--numeric-owner` — Restore using numeric UID/GID instead of names
- `--do-not-restore-ownership` — Do not restore ownership (keep current user)

### Repository management

- `remove-older-than <time> [--force]` — Delete backup sets older than given time
- `remove-all-but-n-full <count> [--force]` — Keep only the last N full backups and their increments
- `remove-all-inc-of-but-n-full <count> [--force]` — Delete incremental sets older than the N:th last full backup
- `cleanup [--force]` — Delete extraneous duplicity files after a crash

### General options

- `--archive-dir <path>` — Local cache directory for signatures (default `~/.cache/duplicity/`)
- `--name <symbolicname>` — Logical name for the backup (affects archive-dir subdirectory)
- `--volsize <number>` — Volume size in MB (default 200)
- `--verbosity, -v <level>` — Output verbosity (0=Error, 2=Warning, 4=Notice, 8=Info, 9=Debug)
- `--dry-run` — Calculate what would be done without performing any backend actions
- `--force` — Proceed even if data loss might result
- `--ignore-errors` — Try to continue despite certain errors
- `--num-retries <number>` — Number of retries on error (default depends on backend)
- `--timeout <seconds>` — Socket timeout (default 30)
- `--backend-retry-delay <number>` — Seconds to wait before retry
- `--tempdir <directory>` — Temporary directory (overrides TMPDIR)
- `--progress` — Show upload progress and estimated time
- `--progress-rate <number>` — Update interval for progress (default 3 seconds)
- `--no-print-statistics` — Do not print backup statistics after successful backup

### Backend-specific options

- `--ssh-askpass` — Prompt for SSH password interactively
- `--ssh-options <options>` — Pass options to SSH (e.g., `-oIdentityFile=...`)
- `--scp-command <command>` — Override scp command (pexpect backend)
- `--sftp-command <command>` — Override sftp command (pexpect backend)
- `--ftp-passive` — Use passive FTP (default, falls back to regular)
- `--ftp-regular` — Use regular (PORT) FTP
- `--s3-european-buckets` — Create S3 buckets in Europe (use with `--s3-use-new-style`)
- `--s3-use-new-style` — Use new-style subdomain bucket addressing
- `--s3-unencrypted-connection` — Do not use SSL for S3 connection
- `--s3-use-rrs` — Use Reduced Redundancy Storage
- `--s3-use-ia` — Use Standard-IA storage class
- `--s3-use-onezone-ia` — Use One Zone-IA storage class
- `--s3-use-glacier` — Use Glacier storage class
- `--s3-use-deep-archive` — Use Glacier Deep Archive storage class
- `--s3-use-server-side-encryption` — Enable server-side encryption
- `--s3-region-name <region>` — Set S3 region (boto3 backend)
- `--s3-endpoint-url <url>` — Set custom S3 endpoint (boto3 backend)
- `--s3-multipart-chunk-size <MB>` — Chunk size for multipart uploads
- `--s3-multipart-max-procs <n>` — Max processes for multipart upload
- `--s3-multipart-max-timeout <seconds>` — Max time for a single chunk upload
- `--s3-use-multiprocessing` — Use multiple processes for multipart upload (legacy boto)
- `--azure-blob-tier <Hot|Cool|Archive>` — Azure blob storage tier
- `--azure-max-single-put-size <bytes>` — Max size for single put
- `--azure-max-block-size <bytes>` — Block size for multipart upload
- `--azure-max-connections <n>` — Max connections for blob upload
- `--b2-hide-files` — Hide files in B2 instead of deleting
- `--swift-storage-policy <policy>` — OpenStack Swift storage policy
- `--cf-backend <pyrax|cloudfiles>` — Select cloudfiles backend
- `--ssl-cacert-file <file>` — CA certificate file for SSL verification (webdav, lftp)
- `--ssl-cacert-path <path>` — CA certificate directory (webdav, lftp)
- `--ssl-no-check-certificate` — Disable SSL certificate verification
- `--par2-redundancy <percent>` — Redundancy level for Par2 recovery files (default 10%)
- `--par2-options <options>` — Extra options to pass to par2
- `--rsync-options <options>` — Options to pass to rsync backend
- `--imap-full-address <email>` — Full email address for IMAP login
- `--imap-mailbox <mailbox>` — IMAP mailbox name (default INBOX)
- `--gio` — Use GIO backend
- `--file-prefix <prefix>` — Prefix for all remote files
- `--file-prefix-manifest <prefix>` — Prefix for manifest files
- `--file-prefix-archive <prefix>` — Prefix for archive files
- `--file-prefix-signature <prefix>` — Prefix for signature files
- `--short-filenames` — Use shorter (30-char) filenames
- `--old-filenames` — Use old filename format
- `--time-separator <char>` — Character to replace colon in timestamps
- `--metadata-sync-mode <partial|full>` — How aggressively to sync metadata
- `--allow-source-mismatch` — Allow backing up different directories to same archive dir
- `--asynchronous-upload` — Upload volumes while preparing next (experimental, requires extra disk space)
- `--rename <orig_path> <new_path>` — Rename a path during restore (repeatable)
- `--gpg-binary <file_path>` — Path to GPG binary (default `gpg`)
- `--gpg-options <options>` — Extra options to pass to GPG
- `--max-blocksize <number>` — Max block size for diff (in multiples of 512, default 2048)

## Environment variables

- `TMPDIR`, `TEMP`, `TMP` — Temporary directory (overridden by `--tempdir`)
- `FTP_PASSWORD` — Password for FTP, WebDAV, and other password-based backends
- `PASSPHRASE` — Passphrase for GnuPG symmetric encryption
- `SIGN_PASSPHRASE` — Passphrase for signing key (falls back to `PASSPHRASE` if same key)
- Backend-specific: `AZURE_CONNECTION_STRING`, `BOX_CONFIG_PATH`, `CLOUDFILES_USERNAME`, `CLOUDFILES_APIKEY`, `DPBX_ACCESS_TOKEN`, `GS_ACCESS_KEY_ID`, `GS_SECRET_ACCESS_KEY`, `SWIFT_USERNAME`, `SWIFT_PASSWORD`, `SWIFT_AUTHURL`, `SWIFT_TENANTID`, `SWIFT_REGIONNAME`, `SWIFT_PREAUTHURL`, `SWIFT_PREAUTHTOKEN`, `GOOGLE_DRIVE_ACCOUNT_KEY`, `GOOGLE_DRIVE_SETTINGS`, `GOOGLE_SERVICE_JSON_FILE`, `GOOGLE_CLIENT_SECRET_JSON_FILE`, `GOOGLE_CREDENTIALS_FILE`, `PCA_USERNAME`, etc.

## URL formats

- `file:///absolute/path` — Local filesystem
- `ftp[s]://user[:password]@host[:port]/path` — FTP/FTPS (default lftp backend)
- `sftp://user[:password]@host[:port]/path` — SFTP (default paramiko backend)
- `scp://user[:password]@host[:port]/path` — SCP via SSH
- `rsync://user[:password]@host[:port]/module/path` — Rsync daemon
- `rsync://user@host/path` — Rsync over SSH
- `s3://bucket[/prefix]` — Amazon S3 (legacy boto backend)
- `boto3+s3://bucket[/prefix]` — Amazon S3 (boto3 backend)
- `azblob://container` — Azure Blob Storage
- `b2://account_id[:app_key]@bucket[/folder]` — Backblaze B2
- `gs://bucket[/prefix]` — Google Cloud Storage (requires interoperable access keys)
- `swift://container[/prefix]` — OpenStack Swift
- `pca://container[/prefix]` — OVH Public Cloud Archive
- `webdav[s]://user[:password]@host[:port]/path` — WebDAV
- `hsi://user[:password]@host/path` — HSI
- `imap[s]://user[:password]@host[/prefix]` — IMAP
- `mega://user[:password]@mega.nz/path` — MEGA (legacy)
- `megav2://user[:password]@mega.nz/path` — MEGA with MEGAcmd (post-2018)
- `dropbox:///path` — Dropbox (requires `DPBX_ACCESS_TOKEN`)
- `onedrive:///path` — Microsoft OneDrive
- `gdocs://user[:password]@host/path` — Google Docs (pydrive backend)
- `gdrive://service_account_email/path` — Google Drive (service account)
- `pydrive://service_account_email/path` — Google Drive via PyDrive
- `box:///path` — Box (requires custom app)
- `ad:///path` — Amazon Drive
- `hubic://container` — hubiC (via Swift)
- `rclone://remote:/path` — rclone backend
- `par2+scheme://...` — Par2 recovery wrapper
- `multi:///path/to/config.json` — Multi-backend (RAID0 or RAID1)

## Examples

Back up `/home/me` to a remote host via SFTP:

shell
duplicity /home/me sftp://user@other.host/some_dir
Force a full backup every month:

shell
duplicity --full-if-older-than 1M /home/me sftp://user@other.host/some_dir
Restore the entire backup to `/home/me`:

shell
duplicity sftp://user@other.host/some_dir /home/me
Restore a file as it was 3 days ago:

shell
duplicity -t 3D --file-to-restore Mail/article sftp://user@other.host/some_dir /home/me/restored_file
Verify the latest backup against local files:

shell
duplicity verify sftp://user@other.host/some_dir /home/me
Back up root but exclude `/mnt`, `/tmp`, `/proc`:

shell
duplicity --exclude /mnt --exclude /tmp --exclude /proc / file:///usr/local/backup
Back up only `/home` and `/etc`:

shell
duplicity --include /home --include /etc --exclude '**' / file:///usr/local/backup
Use FTP with a password from environment:

shell
FTP_PASSWORD=mypassword duplicity /local/dir ftp://user@other.host/some_dir
## See Also

- [rdiffdir(1)](https://www.chedong.com/phpMan.php/man/rdiffdir/1/markdown)
- [rdiff(1)](https://www.chedong.com/phpMan.php/man/rdiff/1/markdown)
- [rdiff-backup(1)](https://www.chedong.com/phpMan.php/man/rdiff-backup/1/markdown)
- [python(1)](https://www.chedong.com/phpMan.php/man/python/1/markdown)
- [gpg(1)](https://www.chedong.com/phpMan.php/man/gpg/1/markdown)