Time Machine backups to a Veracrypt volume?

time-machine backup partition external-disk encryption

I've got an external USB drive with a few VeraCrypt volumes. I want to use one of them for my Time Machine backups. The partition can be deleted entirely, I just wish to keep it encrypted with VeraCrypt.

Is this possible? When trying to set things up like this, I cannot select this partition as a backup volume in Time Machine settings.

I know I can also create and format a regular partition and use that in Time Machine, and use macOS' or Time Machine's own encryption. But I prefer VeraCrypt.

Note that I'm not using a VeraCrypt container, but an actual partition. Which is then mounted and formatted with regular HPFS+, so I would say after mounting it's virtually the same as without VeraCrypt. But somehow Time Machine won't allow me to select this volume...?


Solution 1:

You need to add the partition manually. In Terminal type

sudo tmutil setdestination -a /Volumes/YourBackupVolume

Check your Time Machine destinations with tmutil destinationinfo before and after adding the new Volume.

Solution 2:

Apple does a lot of things quite good when it comes to usability. This was everything else than easy, when you don't know what you're doing :)

For me the first answer was not enough because I'm missing a lot of infos here: Such as you need to have a sparse bundle on the USB device to do that, it needs to be mounted etc.

So I'll try to lead you step by step through it:

  1. Follow this excellent guide. You don't need a MAC address though since it's a USB device.

    Using a networked drive for Time Machine backups (on a Mac) 10th October 2009 at 20:13

    You'll find similar information to this around the web, but I find it fiddly enough to piece together reliably, and I need it often enough, that I thought I'd blog about it. That way it at least gives me a single place to look. Maybe it will help others too. Much of the specifcs, especially the hdiutil command line and the ifconfig trick, I sourced from this thread in the ReadyNAS forums. Note that the advice is by no means specific to ReadyNAS drives (I have a Thecus NAS myself). Many thanks to btaroli in that thread for the insight.

    Time Machine

    Time Machine is Apple's easy-to-use backup system, baked into OS X (as of Leopard). Unfortunately it doesn't allow you to back-up to a networked drive out of the box. Enabling this ability is pretty easy. Early on there were some reliability issues - which were largely due to the fact that Time Machine created a disk image (more specifically, a sparse bundle) on the network drive, and this was prone to corruption if the network connection was disrupted during a backup. I don't know if all the issues here have been entirely resolved now, but it does seem more reliable. Apple's own Time Capsule, which has been specifically designed to work with Time Machine, uses this same method, so it is no longer an entirely unsupported technique.

    Enabling Time Machine for network drives

    So how do you enable backing up to network drives? Open a terminal window and paste the following in (then hit return, of course):

    defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

    Mounted network drives will then show up in the list of destinations available for storing backups.

    Getting a working disk image

    Unfortunately this is not always enough. Often, after doing this, Time Machine will appear to start preparing a backup then fail with a cryptic error code. The error I have seen is:

    Time Machine could not complete the backup. The backup disk image "/Volumes/backups-1/Wall-E.sparsebundle" could not be created (error 45).

    "Error 45"? What's that. If I try to create a sparse image myself in the same location I'm told, "the operation could not be completed". This is not much more helpful. If you google there are many references around to these errors - mostly in forums. Many of them are not terrible helpful, or require a lot of knowledge and/ or patience.

    I still don't really know what the problem is, although I suspect it's something to do with permissions and/ or attributes. Either way the solution generally seems to be to create the sparse image manually using a command called hdiutil. If you get this right then Time Machine will think it created it and just start using it. Simple eh? Well, it's not rocket science - but it does involve piecing a few things together. The name of the sparse bundle has to be something very specific which is made up from a few pieces of information unique to your set-up. I'll now take you through how to find those pieces of information.

    Finding the Computer Name

    We'll start with the easy one. The computer name. Specifically this is whatever the computer is named in the Sharing preferences. So open System Preferences, select "Sharing", and copy the name from the "Computer Name" section at the top.

    Finding the MAC Address

    This is the physical address of your network card (not your IP address, which is a logical address. Also the term "MAC" here is nothing to do with your Mac as a computer - it stands for Media Access Control address).

    Now you have to be careful here. Most macs these days have at least two network cards! You will probably have an ethernet port (for a network cable connection) as well as wifi. You may also have a USB based device, such as a mobile broadband device. Regardless of which one you use to connect to the network drive you'll be backing up to, the address we need is of the first network card (usually the ethernet port). If this seems a bit odd at first, consider the case where you usually connect over wifi, but to do an initial backup you connect by cable. If the backup name was dependant on the network connection used this wouldn't work. The address is only used to identify your computer.

    Anyway, it turns out there is an easy way to obtain this.

    Back in the terminal window, type the following:

    ifconfig en0 | grep ether | awk '{print $2}' | sed 's/://g'

    What's that doing? The short answer is "don't worry, it works". The slightly longer answer is that ifconfig dumps all the information it has about all it's ethernet ports. The first port is called en0, so the command ifconfig en0 dumps information about just that one. The pipe character, |, is the unix instruction for sending the output of one command to the input of the next. So we send the information from en0 to "grep ether", which filters out just the lines that have the word "ether" in them - which in this case happen to be where the MAC addresses are shown. To get that line into the form we need for our filename we pipe it to another command, awk, which just picks out the second part of the string, then finally to sed, which removes the colons.

    Phew.

    Like I said, it just works. Trust me.

    Creating the sparsebundle

    Now we have the information we need to create the name of the sparsebundle. Following is the instruction you need to issue to create it. Replace the and placeholders with the information we obtained above. You may need to change the size parameter (320g here) if you have a large drive to back up. The disk image doesn't take up that space to start with, but will grow up to the size you specify here, so use it to set an upper limit. Also you will be prompted to enter your admin password (sudo runs the command as SuperUser):

    sudo hdiutil create -size 320g -type SPARSEBUNDLE -nospotlight -volname "Backup of <computer_name>" -fs "Case-sensitive Journaled HFS+" -verbose ~/Desktop/<computer_name>_<mac address>.sparsebundle

    Note that this will create the sparsebundle on your desktop. Once there you can copy it to the desired location on your network drive (then delete from your desktop). This seems to be more reliable than creating it in place.

    Once you've done that you can start Time Machine and point it at the drive where the sparsebundle resides and it will find it and start using it. If this still fails, check that the name is exactly right and that you followed all the steps above carefully.

    Now sit back and relax, knowing that all your hard work is being backed up

  2. When you have your sparse bundle on your USB device, you need to mount that device with this - be aware I only added the mac address name for consistency to the guide: hdiutil attach -mountpoint ~/myMountPoint <computer_name>_<mac address>.sparsebundle
  3. Use the aforementioned command: sudo tmutil setdestination -a ~/myMountPoint
  4. Go to your system preferences -> time machine -> activate menu button
  5. Finally do this: Click on the time machine button in your system tray and click start backup and be happy :D

I hope you saved some of the 1.5 hours I spent puzzling this together, although it was kinda fun ;)

Related

Time Machine restore to new partition, different computer
Running Vagrant via “vagrant up” on macOS Monterey (12.0.1) fails
MS Word for Mac, show outline on the left panel
Apple Watch 6 blood oxygen measurement said I had hypoxia when I in reality was fine. How to know if reading is taken in optimal conditions?
How to delete backups of a volume from an APFS Time Machine snapshot?
How to set PATH and other env vars for apps with "Reopen windows when logging back in"?
How to identify the iOS version from the Hello screen?
Do any of Microsoft Office for Mac packages offer inbuilt virtual printer?
Create a bootable NTFS drive on mac
Paste to Subfolder in Finder List View
How do I reinstall Apple Software Update in Windows?
How can my iPhone ring only from favorites, but silence from others?