(Almost) Free Google Drive Backup

Have you truly considered the catastrophic risks of losing all your Google Drive data? Can your business afford such a loss?

generate image in anime style where white collar in suit grabs his head because he realized that lost his reports

Let me guide you in mitigating those risks. I asked myself the same question and searched for a reliable, out-of-the-box solution. Disappointed with Google’s suggestions, I decided to build my own. Think of it as playing with Lego-assembling the necessary components.

What building blocks do we need?

  • Access to your Google Cloud Console
  • rclone: A powerful tool that provides rsync-like CLI functionality for managing filesystems and cloud storage. It’s well-documented, but we’ll focus on a streamlined approach

Google Cloud Console: Setting Up the Service Account

We’ll start with the most crucial step: obtaining the necessary credentials to interact with the Google API. (Remember to enable the Google Drive API if you haven’t already) This involves creating a Service Account and generating a JSON private key.

Here’s an example of what it looks like:

{
  "type": "service_account",
  "project_id": "<project name>",
  "private_key_id": "<hash>",
  "private_key": "-----BEGIN PRIVATE KEY-----\n<some base64 encoded stuff>\n-----END PRIVATE KEY-----\n",
  "client_email": "<service account name>@<project name>.iam.gserviceaccount.com",
  "client_id": "<another one id>",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/<service account name>%40<project name>.iam.gserviceaccount.com",
  "universe_domain": "googleapis.com"
}

rclone: Configuring and Executing the Backup

We’re almost there! The next step is to set up rclone for automated execution using cron on a host of your choice. I’ll skip the details of acquiring a hosting environment.

Here’s prepared rclone.conf:

[google-drive]
type = drive
service_account_file = /config/rclone/sa.json  # <- The key

And here’s how to use it with Docker:

docker run --rm -it \
    -v ./config:/config/rclone \
    -v ./data:/data \
    rclone/rclone --drive-shared-with-me \
    copy google-drive:<SHARED FOLDER> /data/$(date +"%Y-%m-%d")

rclone: Recovering the Backup

To restore your backup, simply reverse the source and destination paths in the rclone copy command:

docker run --rm -it \
    -v ./config:/config/rclone \
    -v ./data:/data \
    rclone/rclone --drive-shared-with-me \
    copy /data/$(date +"%Y-%m-%d") google-drive:<SHARED FOLDER>

Be aware that if you recover data, the original permissions will be lost, and the Service Account will become the owner of all recovered data.

Important Note

A Service Account is essentially an account with its own folder and permissions within Google Drive. Therefore, you must share the desired folders with it. The <SHARED FOLDER> in the bash command refers to the exact name of the shared folder.

Conclusion

This provides a solid foundation for Google Drive backup. To enhance its enterprise-level security and reliability, consider implementing additional encryption and robust, cost-effective storage solutions.

Stay tuned, we’re gonna talk about that next.