An untested backup is a hope, not a backup. Storing your bytes is the easy part; giving them back, intact, on a clean machine, is the part that actually counts. So we run real end-to-end restore drills and publish the numbers, down to the snapshot ID and the SHA-256 manifests.
Most backup providers show you a storage meter. A meter tells you bytes went somewhere. It does not tell you those bytes will come back as the files you put in. The only thing that proves recoverability is performing a restore and checking the result against the original, and almost nobody shows you that.
We do. We run real end-to-end restore drills: an independent machine outside our primary infrastructure backs up a synthetic dataset to a live vault over the real REST endpoint, simulates total loss, runs a deep integrity check that reads every byte in the repository, restores to a clean target, and compares the restored tree against a cryptographic manifest of the original. The drill uses synthetic test data only. It never touches customer footage. The most recent run is published in full below.
Seven steps, the same every time. Each one is something you could run yourself against your own vault with stock Restic.
Generate a deterministic dataset of text and binary files, including deeply nested paths. Test data only, never real content.
Compute a sha256 of every file and a manifest hash over the whole tree. This is the ground truth we will compare against.
Run restic backup over the live REST endpoint, the same path a real customer uses.
Delete the source tree entirely. From here, the vault is the only copy that exists.
Run restic check --read-data, which reads and re-verifies every block in the repository, not just the index. This is the check most providers never show.
Run restic restore onto a fresh directory on a machine that is not the storage node. Recovery onto a different host is the real test.
Re-hash the restored tree and compare its manifest to the original. They must be identical, or the drill fails.
This is the most recent run, verbatim from the drill output. The source and restored manifests are identical, which means every recovered file matched its original exactly.
End-to-end restore drill
Run 2026-06-26 23:40–23:42 UTC · independent verifier host
Result
PASS — byte-for-byte identical
Restic version
0.14.0 (go1.19.8, linux/amd64)
Corpus
2,004 files / 256 MiB synthetic
Snapshot
96829439
Deep check (read-data)
no errors — 33/33 packs, 72s
Restore time
55s to a clean target
Source manifest (SHA-256)
d31922b5e13e2003d1c2fa0f0431cdec06fb9111f7b082f5cb75c7ef4b8c5764
Restored manifest (SHA-256)
d31922b5e13e2003d1c2fa0f0431cdec06fb9111f7b082f5cb75c7ef4b8c5764
Manifests are a hash over every file in the tree. When the source and restored manifests match, recovery was perfect; a single flipped bit anywhere would change the hash and fail the drill.
You do not have to take our word for it. The same verification works against your own vault with stock Restic. Point it at your repository and run a deep check any time. This is a normal, healthy thing to do with any backup target, ours included.
# your vault, your password, both from your portal export RESTIC_REPOSITORY="rest:https://USER:TOKEN@YOURVAULT.vault.servercrate.net/" export RESTIC_PASSWORD="your-repository-password" restic snapshots # what is stored restic check --read-data # verify every byte restic restore latest --target /tmp/restore # prove recovery
The exact script that produced the result above is open source. Read it, audit it, or run it against any Restic repository, not only ours: github.com/servercrate/restic-toolkit (scripts/sc-restore-drill.sh).
Want the full picture of redundancy and how to leave whenever you want?
10 GB free. No card. Restore-verified storage in 5 minutes.