Dec 10, 2025
Duplicati: Zero-Trust Backups with Keep-Your-Own-Keys (BYOK / CMK)
Encrypt before you trust. Duplicati’s keep-your-own-keys (BYOK/CMK) design ensures zero-trust backups—only you hold the keys, and no one else can read your data.
The Problem: Trust and Control in Cloud Backups
Most cloud backup services hold the encryption keys for your data. That means they, or anyone who gains access to their systems, can decrypt your backups. This model depends on trust — trust that your provider won’t access or mishandle your data. In a zero-trust world, that’s unacceptable.
Zero-Trust Philosophy
Zero-trust means no entity — not the cloud provider, not the backup software vendor — is implicitly trusted. Every operation assumes potential compromise, and security is enforced by design. In backup systems, this means encryption keys never leave the customer’s control.
Keep-Your-Own-Keys (BYOK) / Customer-Managed Keys (CMK)
Duplicati follows the Keep-Your-Own-Keys (KYOK) and Customer-Managed Keys (CMK) principles. You generate and hold your encryption keys. Duplicati never uploads them, never transmits them, and never has a mechanism to retrieve them. Your data is encrypted locally before leaving your device, using AES-256 with authenticated encryption.
Even if your storage provider, ISP, or Duplicati’s own servers are compromised, your backups remain opaque and cryptographically protected. Only you can decrypt them.
How It Works in Duplicati
Client-side Encryption
Before a single byte is sent, Duplicati encrypts each block using your key. Metadata and filenames are also encrypted, eliminating leakage of structure or file names.
Provider Independence
Duplicati supports many backends — S3, Azure, WebDAV, SFTP, etc. Because encryption is applied before upload, security is identical across all providers.
Zero Key Retention
Duplicati does not store or back up your keys. If you lose them, your data is unrecoverable — a feature, not a bug, in a zero-trust model.
Integrity Verification
Duplicati signs and validates each block to detect tampering or bit-rot, ensuring you know if data integrity is ever compromised.
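As an added illustration (not Duplicati's code or its on-disk format), the sketch below shows why per-block integrity tags in this model must be keyed with a secret the storage operator never sees. The function names, the HMAC-SHA256 tag, the PBKDF2 key derivation, the in-memory `store` dict and the stand-in block contents are all assumptions made for the example.

```python
import hashlib
import hmac

def derive_key(passphrase: str, salt: bytes) -> bytes:
    # Derived on the client only; the key is never written to the store.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 32)

def tag_block(key: bytes, index: int, block: bytes) -> bytes:
    # Bind the tag to the block's position so blocks cannot be swapped around.
    msg = index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()

def upload(key: bytes, blocks: list, store: dict) -> None:
    # The store (a stand-in for any backend) receives bytes and tags, never the key.
    for i, block in enumerate(blocks):
        store[i] = (block, tag_block(key, i, block))

def verify(key: bytes, store: dict, count: int) -> list:
    """Return indices of blocks that are missing or fail tag verification."""
    bad = []
    for i in range(count):  # count is remembered by the client, not the store
        entry = store.get(i)
        if entry is None or not hmac.compare_digest(entry[1], tag_block(key, i, entry[0])):
            bad.append(i)
    return bad

def demo():
    # Constructed sample data: placeholders for already-encrypted blocks.
    key = derive_key("constructed passphrase", b"constructed-salt")
    blocks = [b"ciphertext-block-0", b"ciphertext-block-1", b"ciphertext-block-2"]
    store = {}
    upload(key, blocks, store)
    clean = verify(key, store, len(blocks))

    # Bit-rot: one flipped bit in block 1, tag left untouched.
    data, tag = store[1]
    store[1] = (bytes([data[0] ^ 0x01]) + data[1:], tag)

    # Tampering on the storage side: block 2 is replaced and given a freshly
    # computed unkeyed SHA-256. Without the key this cannot pass verification.
    replaced = b"replaced-by-storage-side"
    store[2] = (replaced, hashlib.sha256(replaced).digest())

    return clean, verify(key, store, len(blocks))

if __name__ == "__main__":
    print(demo())
```

An unkeyed checksum would catch the bit-rot case but not the replacement, because anyone holding the bytes can recompute it.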
Why BYOK Matters
Regulatory alignment: BYOK/CMK helps satisfy data protection requirements under GDPR, HIPAA, and similar frameworks.
Breach resilience: Even if your storage or account credentials are leaked, encrypted data remains unusable.
Operational separation: The storage operator and key custodian are distinct — you hold the keys, they hold the bytes.
Summary
Duplicati implements zero-trust backup through strict BYOK/CMK design:
Local encryption before transfer
No key storage or transmission
Complete provider independence
Your backups are secure because no one else — including Duplicati — can read them.
In zero-trust environments, the only safe backup is one even your backup provider cannot decrypt. Duplicati achieves that by design.
Start using Duplicati today and take full control of your encryption keys — your data, your rules.