Everything we publish that you might want to verify, inspect, or run alongside your backups. Setup instructions live on the setup guide.
Open-source helper scripts for running Restic against a ServerCrate vault: scheduled backup wrappers, sane retention defaults, healthcheck pings, and systemd unit templates. MIT-licensed, audit-friendly, no vendor binaries.
For verifying signed release artifacts and our warrant canary, and for encrypting security disclosures. RSA-4096, valid through May 2028.
PGP-signed statement that we've received no secret subpoenas, gag orders, or compelled-access requests. Refreshed on a public schedule.
Read the canaryPublic security model, threat model, and incident response policy. SOC 2 audit underway; BAA available for HIPAA-adjacent workloads on the Enterprise tier.
Security modelLooking for install instructions? The 5-minute setup guide walks you through installing Restic, pointing it at your vault, and running your first backup on Linux, macOS, Windows, and Docker.