Backblaze B2 is the go-to off-site storage backend for homelab backups. At $6/TB/month with 10 GB free, it's roughly 1/4 the cost of AWS S3 -- and the first 10 GB costs nothing. It's S3-compatible, so any tool that speaks S3 (restic, rclone, Duplicati, MinIO client) works without modifications.
Quick Setup
1. Create Your Account
- Go to backblaze.com/sign-up/cloud-storage
- Enter your email and a strong password
- Verify your email address
- No credit card is required to start -- the first 10 GB of storage is free
2. Create a Bucket
- Log in to the B2 Console
- Click Create a Bucket
- Configure:
- Bucket Name: Must be globally unique across all B2 accounts. Use something like
yourname-backupsorhomelab-backups-2026. Lowercase letters, numbers, and hyphens only. 6-63 characters. - Files in Bucket are: Select Private. Never use Public for backups.
- Default Encryption: Select Enable (SSE-B2, server-side encryption). This encrypts data at rest on Backblaze's side. If you're using restic, your data is already encrypted client-side before upload -- this adds a second layer.
- Object Lock: Leave Disabled unless you specifically need immutable backups (ransomware protection). Object Lock prevents anyone -- including you -- from deleting files before the retention period expires.
- Bucket Name: Must be globally unique across all B2 accounts. Use something like
- Click Create a Bucket
- Note your Bucket Name and the Endpoint shown on the bucket page (looks like
s3.us-west-004.backblazeb2.com)
3. Create a Scoped Application Key
Do not use your master application key for backups. Create a key scoped to a single bucket with only the permissions it needs.
- Go to Account > Application Keys
- Click Add a New Application Key
- Configure:
- Name of Key: Something descriptive like
homelab-backup-restic - Allow access to Bucket(s): Select the bucket you just created
- Type of Access: Select Read and Write
- Allow List All Bucket Names: Leave checked (restic needs this to discover the bucket)
- File name prefix: Leave blank (allows access to all files in the bucket)
- Name of Key: Something descriptive like
- Click Create New Key
- Copy both values immediately:
- keyID -- looks like
004a1b2c3d4e5f6 - applicationKey -- a long alphanumeric string
- keyID -- looks like
The application key is shown exactly once. If you lose it, delete the key and create a new one. The keyID can be retrieved later, but the secret cannot.
Pricing
B2 is pay-as-you-go with a generous free tier. No minimum commitment, no contracts.
| Component | Free Tier | Paid Rate |
|---|---|---|
| Storage | 10 GB | $6/TB/month ($0.006/GB) |
| Egress (download) | 3x stored data/month | $0.01/GB beyond free tier |
| Class A API calls (uploads, deletes) | Unlimited | Free |
| Class B API calls (downloads, lists) | 2,500/day | $0.004 per 1,000 |
| Class C API calls (metadata) | 2,500/day | $0.004 per 1,000 |
What does this cost in practice for homelab backups?
| Backup Size | Monthly Storage Cost | Annual Cost |
|---|---|---|
| 10 GB | Free | Free |
| 50 GB | $0.24 | $2.88 |
| 100 GB | $0.54 | $6.48 |
| 250 GB | $1.44 | $17.28 |
| 500 GB | $2.94 | $35.28 |
| 1 TB | $6.00 | $72.00 |
Egress costs are negligible for backups. You're uploading frequently and only downloading during restores. The 3x free egress allowance means if you store 100 GB, you can download up to 300 GB/month for free -- more than enough for any restore scenario.
Comparison with AWS S3:
| B2 | S3 Standard | |
|---|---|---|
| Storage/TB/month | $6 | $23-26 |
| Egress/GB | $0.01 | $0.09 |
| Upload API calls | Free | $0.005/1,000 |
The Region Gotcha
When you create your account, Backblaze assigns you a region (typically US West). All your buckets live in that region. You cannot change it later without creating a new account.
For backups, region doesn't matter much -- you're optimizing for cost and durability, not latency. But if you're close to an EU data center and want data residency in Europe, select the EU region during signup.
The region determines your S3-compatible endpoint URL:
- US West:
s3.us-west-004.backblazeb2.com(the004varies by account) - EU Central:
s3.eu-central-003.backblazeb2.com
Check your bucket details page for the exact endpoint. Using the wrong endpoint is a common cause of "bucket not found" errors.
Lifecycle Rules
Lifecycle rules automatically delete old file versions after a set number of days. This is useful if your backup tool handles its own retention (restic does), and you want a safety net to clean up incomplete uploads or old versions.
- Open your bucket in the B2 Console
- Click Lifecycle Settings
- Set Keep only the last version of the file and Keep prior versions for this number of days: to something reasonable (7-30 days)
If you're using restic, it manages file versions internally through its snapshot system. You can safely set B2 lifecycle to keep only the latest version -- restic will never overwrite a file it still needs.
Verifying It Works
Test access with the B2 CLI or any S3-compatible tool:
# Using the B2 CLI
pip install b2
b2 authorize-account YOUR_KEY_ID YOUR_APPLICATION_KEY
b2 ls YOUR_BUCKET_NAME
Or test with restic directly:
export B2_ACCOUNT_ID="YOUR_KEY_ID"
export B2_ACCOUNT_KEY="YOUR_APPLICATION_KEY"
restic -r b2:YOUR_BUCKET_NAME init
restic -r b2:YOUR_BUCKET_NAME snapshots
If restic init completes without errors, your credentials and bucket are configured correctly.
Troubleshooting
"bucket not found" or "unauthorized":
- Verify the bucket name is exact (case-sensitive)
- Verify the application key has access to this specific bucket
- Verify you're using the correct region endpoint if using S3-compatible mode
"key does not allow listBuckets":
- You need to enable "Allow List All Bucket Names" when creating the application key. Delete the key and create a new one with this option checked.
Slow uploads:
- B2 supports multi-part uploads for files over 100 MB. restic handles this automatically. If uploads seem slow, check your upstream bandwidth -- B2 itself is rarely the bottleneck.
- For large initial backups (100+ GB), expect the first run to take hours depending on your upload speed. Subsequent runs only upload changed data (restic deduplication).
"cap exceeded" errors:
- You've hit a transaction cap. This is rare for backup workloads. Check your account's daily transaction limits in the B2 Console under Caps & Alerts. The default caps are generous for homelab use.
Using with Restic (S3-Compatible Mode)
Restic supports B2 natively, but you can also use the S3-compatible endpoint. Native B2 mode is simpler:
# Native B2 (recommended)
RESTIC_REPOSITORY=b2:your-bucket-name
B2_ACCOUNT_ID=your-key-id
B2_ACCOUNT_KEY=your-application-key
# S3-compatible mode (if you need S3 features like object lock)
RESTIC_REPOSITORY=s3:https://s3.us-west-004.backblazeb2.com/your-bucket-name
AWS_ACCESS_KEY_ID=your-key-id
AWS_SECRET_ACCESS_KEY=your-application-key
Native B2 mode is faster for most operations because it uses B2's native API rather than the S3 compatibility layer. Use S3-compatible mode only if you need features specific to the S3 API.