Despite its name, duplicity [1] is not a command to enable dishonesty. Instead, duplicity is one of those modern command-line tools that combines more than one function in the same application. Instead of encrypting files in a separate operation and then backing them up, duplicity does both in a single step. When it comes to using duplicity, its only limitation is a somewhat eccentric command structure.

Using GnuGPG for encryption, duplicity backs up directories and files on a local or remote server. Although sources to back up are expressed as directory paths, targets for the backup files must be listed as a URL, not a path. For example, a local target directory must be identified as file:///usr/local/backup rather than /backup. (Note that the three forward slashes in the target URL are not an error: Two are for the URL, and the third is for the path from root.) By default, each archive is placed in a separate directory unless you use the --allow-source-mismatch option.

duplicity supports backups to local drives (including mounted external drives), FTP, SFTP/SCP, Rsync, WebDAV, Google Docs, HSI, and Amazon S3. duplicity's man page does not detail how to set up all these various targets, but detailed instructions and examples are available online, particularly for those that require additional libraries, such as Google Drive, which requires PyDrive [2], and Amazon S3, which requires python-boto [3]. Some targets also take unique options. Regardless of the targets, after the first creation of a backup, later backups will be incremental, affecting only parts of files that have changed since the last backup (Figure 1). Remember that directories containing a backup display in a file manager, but the backup archives do not since they are encrypted. You will need to use duplicity to list the backup archives (see the Actions section).

[...]