Sensitive data and CrashPlan backups

Posted by ProgrammingAce on Mon 30 March 2015

In this day and age, everyone knows that backing up your data is critical, so I use CrashPlan to backup all of my important information. Even the free version of CrashPlan is great, since it lets you backup to an external hard drive, or it’ll copy your data to another computer that you own. The paid version lets you store an unlimited amount of data on their cloud servers. That’s great for most of my data, but there are still some things I just don’t trust to the cloud; particularly my SSH and PGP keys.

In both cases, the results of someone getting access to my PGP or SSH keys is far more dangerous than if I lose access to them. Basically that means I’d rather risk losing access to those keys than letting someone else have them. That being the case, I’ve always avoided backing them up to the cloud even in an encrypted format; but there’s a way you can use CrashPlan to make sure your files are backed up to the cloud and your private keys are backed up too.

What you’ll need:

To do this, you’re going to need to be on the paid plan. This is because the free version of CrashPlan doesn’t let you have more than one backup policy per computer. I’d also recommend you purchase a USB hard drive with physical encryption capabilities. I use this USB thumbdrive. Now we’re going to set CrashPlan to backup your keys to this thumbdrive and the rest of your files to the cloud.


First you need to unlock and connect your encrypted thumbdrive to your computer. Create a folder on the thumbdrive called ‘CrashPlan_backups’. From the CrashPlan app, go to the ‘Destinations’ tab, click the ‘Folders’ button, and click the button next to ‘Select a backup destination folder’. Browse to the folder you created on the thumbdrive and select ‘Ok’.

Creating the backups:

Now we need to create the backup policy. In CrashPlan, select the ‘Settings’ tab, and go to the ‘Backups’ page. Click the ‘Add’ button to create a new backup policy. In the ‘Files’ square, select the confidential files you don’t want backed up to the cloud (things like your Keepass database, SSH keys, and your PGP keys). Set the destination to the folder on your thumbdrive and click ‘Save’.

Now in your default system backup, click the ‘Change’ button in the ‘Files’ square. Remove the confidential files that you added to the backup you created in the last step. This will remove them from any backups that you’ve created, including from CrashPlan’s cloud service. Click ‘Save’.

Now your truly confidential files will be backed up locally every time you connect your encrypted thumbdrive, and they won’t be uploaded to the cloud.