sudo yum install duplicity
If you get "No package duplicity available.", you need to install EPEL. For CentOS 6:
sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Then try yum again.
gpg --gen-key
The defaults are fine. When the key is complete, make sure you copy down the key (made bold) because you'll pass it to duplicity:
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/12345678 2012-01-26
.....
You might need to export the key if another user will use it. In my case, I had to create the keys with one user but another user would execute the backups.
gpg --output secret --export-secret-keys
gpg --output public --export
Then the other user needs to:
gpg --import /path/to/secret
gpg --import /path/to/public
You can verify the keys are there by:
gpg --list-keys
If when using the key you get these errors:
gpg: : There is no assurance this key belongs to the named user
gpg: [stdin]: sign+encrypt failed: Unusable public key
You should (as the user experiencing this error):
gpg --edit-key [key]
> trust
// decide how much to trust it
> save
Now to actually use duplicity, it'll most likely be cron'd so a shell script would work nice. I like the way Justin Hartman did it so there's really no need to re-invent what he did. Just ignore the AWS stuff if you're not backing up there.