Back to all recipes
Beginner Recipe

Backup your current directory

This recipe shows how to back up the directory you are currently in using a simple tar -cf - . command. The Backup Verified agent reads that output, encrypts it locally, uploads the encrypted backup, and lets you download and decrypt it later.

View Recipe Decrypt & Restore

What this recipe is for

This is the simplest way to protect a folder of files with Backup Verified. It works well when you want to back up a project directory, a working folder, a set of documents, or any other directory you can cd into first.

On macOS, a common pattern is to open Terminal, move into the folder you want to protect, and run the agent there. The command creates a tar archive on STDOUT, the agent encrypts it locally, and the encrypted result is uploaded to Backup Verified Managed Storage.

This recipe is intentionally simple. That makes it a good first recipe to test your setup, confirm your keys are working, and practice the full cycle: backup, verify, download, decrypt, and inspect.

Good fit for

  • Project folders
  • Documents and working files
  • Configuration snapshots
  • First-time Backup Verified testing

Not ideal for

  • Large database backups that need database-native dump tools
  • System-wide images or disk cloning

Before you begin

  • Install the Backup Verified agent.
  • Create or obtain your bv-agent.yml config.
  • Make sure your config includes a valid agent_key and client_encryption_key_b64.
  • Run this from the directory you actually want to back up.

Why this works

The command below writes a tar archive to STDOUT instead of creating a local tar file first. The agent reads that stream directly, encrypts it locally, and uploads only the encrypted result.

That means you get a clean, simple workflow without needing to manually create and manage an intermediate archive.

The recipe

Move into the directory you want to protect, then run the backup with a config that uses tar -cf - .. The agent runs the command defined in your config. You do not run the tar command manually.

Working directory

cd /path/to/your/folder

Everything under the current directory will be included unless you intentionally exclude items in a more advanced recipe.

Backup command (executed by the agent)

tar -cf - .

The trailing - tells tar to write the archive to STDOUT. That is exactly what the agent needs.

Suggested BV config

This example is intentionally simple and makes a good starting point for your first successful backup. 

# bv-agent.yml
bv:
  api_base: "https://backupverified.com"
  timeout_seconds: 30
  work_timeout_seconds: 0
  upload_timeout_seconds: 0

agent_key: "YOUR_AGENT_KEY"
client_encryption_key_b64: "YOUR_CLIENT_ENCRYPTION_KEY_B64"

backup:
  source_key: "dir_backup"
  name: "Directory Backup"
  description: "Archive current directory via tar"
  delete_after_days: 0

source:
  type: "tar"
  backup_command: "tar -cf - ."

You can rename source_key, name, and description to match your environment.

How to run it

bv-agent validate-config -config bv-agent.yml
bv-agent backup -config bv-agent.yml

First validate the config. Then run the backup from the directory you want to protect.

What success looks like

  • The agent completes without error.
  • Your backup appears in the Backup Verified portal.
  • You can later download the encrypted file and decrypt it locally.

What could go wrong

This recipe is simple, but simple does not mean foolproof. These are the most common mistakes.

Wrong directory

If you run the command from the wrong location, you will back up the wrong files. Always confirm your current directory first.

Missing config values

A missing or invalid agent_key or client_encryption_key_b64 will prevent a successful run.

Assuming backup means restore is proven

A successful backup is good, but confidence grows when you also practice downloading and decrypting a real backup.

Backup Verified helps you go beyond “I think it worked.” The backup is encrypted locally, uploaded, tracked, and available for later download and local decryption.

How to download it later

  1. 1. Sign in to your Backup Verified portal.
  2. 2. Open the backup entry you want.
  3. 3. Use the download option to retrieve the encrypted backup file.
  4. 4. Save it to a location on your machine where you want to perform the decrypt step.

What you download is still encrypted. That is expected.

Why that matters

The backup is stored encrypted. Backup Verified never needs your decrypted data in order to store it.

Decryption happens locally with your own key material, which is exactly what gives this workflow its privacy and control.

How to decrypt it locally

Once you have downloaded the encrypted backup file, use the agent to decrypt it locally. 

bv-agent decrypt --in backup.bin.enc --out ./restore/ -config bv-agent.yml

Replace backup.bin.enc with your actual downloaded filename. The --out path is where the decrypted result will be written.

Then inspect the output

ls -lah ./restore/

Verify that the restored files are where you expect them to be.

Good habit

Do at least one real download-and-decrypt test early. It is the fastest way to build confidence that your setup is doing exactly what you think it is doing.

What restore means for this recipe

In this recipe, restore usually means recovering the archived directory contents to a local folder, inspecting them, and then copying them back to wherever you need them.

Because this is a directory backup recipe, the restore target may vary. You might restore to a temporary folder first, confirm the contents, and then move files into place.

Related recipes

When you are ready, these are natural next steps.

Backup files and directories

Expand this simple pattern to more targeted paths and exclusions.

View recipe

Run backups daily with cron

Turn a working backup command into a repeatable scheduled workflow.

View recipe

Decrypt & restore

Review the broader decrypt and recovery guidance in one place.

Read guide