restic init
restic init creates a new repository structure at a specified location. This is a one-time operation per repository. During initialization, Restic sets up the encryption parameters and requires you to set a password that will be used to encrypt all data and metadata.
Quick Summary
Initialization is the "format" or "setup" step for your backup storage. It creates the internal folder structure (data, index, keys, snapshots) and generates the master encryption key.
Basic Syntax
restic init [flags]
Destination Examples
# Local Directory
restic -r /var/backups/repo init
# SFTP (Remote Server)
restic -r sftp:user@host:/path/to/repo init
# AWS S3 (Bucket)
restic -r s3:s3.amazonaws.com/bucket-name init
# DigitalOcean Spaces / S3 Compatible
restic -r s3:nyc3.digitaloceanspaces.com/my-backups init
Key Flags
| Flag | Description |
|---|---|
--repository / -r | Location of the repository (or use RESTIC_REPOSITORY env var) |
--password-file | Read the repository password from a file |
--repository-version | Force a specific repo version (default is 2 for compression) |
--copy-chunker-params | (V2) Copy chunker parameters from another repo |
Practical Examples
1. Initialize a Local Repo with a Password File
This is the standard pattern for automated scripts.
# Create password file
echo "my-super-secret-password" > ~/.restic-password
chmod 600 ~/.restic-password
# Initialize
restic -r /mnt/usb-drive/backup-repo init --password-file ~/.restic-password
2. Initialize an S3 Bucket Backup
Requires AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to be set in the environment.
export AWS_ACCESS_KEY_ID="AKIA..."
export AWS_SECRET_ACCESS_KEY="7hX9..."
restic -r s3:s3.amazonaws.com/my-company-backups init
3. Initialize with Compression (Repo Version 2)
Modern Restic (0.14.0+) uses Version 2 by default, which supports compression.
# Explicitly initialize as V2
restic init --repository-version 2 -r ./my-compressed-repo
Common Pitfalls
| Pitfall | Consequence | Prevention |
|---|---|---|
| Losing the Password | Total Data Loss. Data is unrecoverable without the key. | Store the password in a secure manager (Bitwarden, 1Password). |
| Initializing over existing repo | Error message (Restic prevents overwriting). | Check if a directory has a config file before initializing. |
| Weak Passwords | Vulnerable to brute-force if repo is stolen. | Use a long, random passphrase. |
| Wrong Repo Version | Using V1 prevents data compression. | Ensure you are using Restic 0.14+ and V2. |
Examples with Output
1. Standard Local Initialization
Command:
restic -r /tmp/test-repo init
Output:
enter password for new repository:
enter password again:
created restic repository a7b2c9d at /tmp/test-repo
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
2. Initialization with Password File (Automation)
Command:
restic -r /srv/repo init --password-file /etc/restic/pass
Output:
created restic repository b8c3d1e at /srv/repo
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
3. S3 Bucket Initialization
Command:
restic -r s3:s3.amazonaws.com/my-bucket init
Output:
enter password for new repository:
enter password again:
created restic repository c9d4e2f at s3:s3.amazonaws.com/my-bucket
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
4. Forcing Repository Version 2 (Compressed)
Command:
restic init --repository-version 2 -r /backup/v2-repo
Output:
enter password for new repository:
enter password again:
created restic repository d0e5f3g at /backup/v2-repo
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
5. Error: Already Initialized
Command:
restic -r /tmp/test-repo init
Output:
Fatal: create key in repository at /tmp/test-repo failed:
config file already exists