Usage
Source Types
Cloudstic supports multiple backup sources:- local: Local filesystem directory
- sftp: Remote directory via SFTP
- gdrive: Google Drive (full scan)
- gdrive-changes: Google Drive (incremental via changes API)
- onedrive: Microsoft OneDrive (full scan)
- onedrive-changes: Microsoft OneDrive (incremental via delta API)
Options
Run backup using a named profile from profiles.yaml. The profile’s source, store, auth, tags, and exclude settings are applied automatically. CLI flags override profile values.
Run backup for all enabled profiles from profiles.yaml. Each profile runs with its own store, source, and auth configuration. Mutually exclusive with
-profile.Source to backup from. Can also be set via
CLOUDSTIC_SOURCE environment variable.For local and SFTP sources, include the path as a URI: local:<path> or sftp://[user@]host[:port]/<path>. For cloud sources, use keywords or keywords with paths: gdrive[://<Drive Name>][/<path>], gdrive-changes[://<Drive Name>][/<path>], onedrive[://<Drive Name>][/<path>], onedrive-changes[://<Drive Name>][/<path>].Use a named auth entry from profiles.yaml for cloud source credentials. Allows reusing OAuth tokens across commands without a full profile.
Tag to apply to the snapshot. Can be specified multiple times to add multiple tags.Tags are useful for organizing and filtering snapshots later.
Exclude pattern using gitignore syntax. Can be specified multiple times.Examples:
*.log, node_modules/, .git/Path to a file containing exclude patterns (one per line, gitignore syntax).Patterns from this file are combined with patterns from
-exclude flags.Skip creating a new snapshot when the resulting tree is identical to the previous snapshot.The backup still scans the source and reports stats, but no new checkpoint is written when nothing changed.
Scan the source and report changes without writing to the repository.Useful for testing exclude patterns or previewing what will be backed up.
Override the auto-detected volume UUID for local sources. Enables cross-machine incremental backups for portable drives. Can also be set via
CLOUDSTIC_VOLUME_UUID environment variable.On macOS and Linux, the GPT partition UUID is detected automatically and is stable across operating systems. Use this flag when auto-detection is unavailable (Windows, MBR-formatted drives) or to manually link backups to a specific snapshot lineage.Global Options
Use-json to emit the command result as a single JSON document on stdout.
Examples
Output
Successful backup output includes:Incremental Backups
Cloudstic automatically performs incremental backups by comparing against the previous snapshot from the same source. Only new and changed files are uploaded to the repository. For cloud sources (Google Drive, OneDrive), the-changes variants use the provider’s native change tracking APIs for more efficient scans:
gdrive-changesuses Google Drive Changes APIonedrive-changesuses Microsoft Graph Delta API
The first backup from a source is always a full backup. Subsequent backups from the same source identity are incremental. Identity matching prefers stable IDs (
type + identity + path_id) and falls back to legacy matching for older snapshots.For
gdrive-changes and onedrive-changes, enabling -ignore-empty-snapshot means an unchanged run does not persist the fresh change token for that run. The next backup may therefore revisit the same empty delta window.Exclude Patterns
Exclude patterns follow gitignore syntax:*matches any sequence of non-separator characters**matches any sequence of characters including path separators?matches any single non-separator character- Patterns ending with
/only match directories - Patterns starting with
!negate the pattern
Source Authentication
Local and SFTP
For SFTP sources, provide connection details via flags:| Flag | Description |
|---|---|
-source-sftp-password <pw> | SFTP password |
-source-sftp-key <path> | Path to private key |
-source-sftp-known-hosts <path> | Path to known_hosts file |
-source-sftp-insecure | Skip host key validation (INSECURE) |
Google Drive
Google Drive sources use OAuth 2.0. On first use, Cloudstic will open a browser for authentication. The access token is cached asgoogle_token.json in your platform config directory.
For service account authentication, set GOOGLE_APPLICATION_CREDENTIALS to point to your service account JSON key.
OneDrive
OneDrive sources also use OAuth 2.0 with browser-based authentication. The token is cached asonedrive_token.json in your platform config directory.
For custom OAuth applications, set ONEDRIVE_CLIENT_ID with your registered app client ID.
Performance
Backup performance depends on:- Source type: Cloud sources (Drive/OneDrive) are slower than local/SFTP due to API rate limits
- File size distribution: Many small files take longer to process than fewer large files
- Network bandwidth: Upload speed to your storage backend
- Deduplication: Unchanged files are skipped instantly
Error Handling
If the backup fails partway through:- The snapshot is NOT saved: the repository remains in a consistent state
- No partial snapshots are created
- Data already uploaded (chunks, content) is safely deduplicated on the next run
- Simply re-run the backup command to retry
backup acquires a shared lock on the repository at run start (skipped for -dry-run). Multiple backups can run concurrently because shared locks coexist. The lock is released when the command exits. If the repository holds an exclusive lock (from a running prune), backup will fail immediately with a lock error. See Repository Locking for details.See Also
- cloudstic restore: Restore files from a backup snapshot
- cloudstic list: List all backup snapshots
- cloudstic diff: Compare two snapshots