Hi @danielboe, I imagine you’d like to do this to be able to recover a device in the case of losing the SD card or something like that?
This is actually a feature we’d like to implement eventually, but it’s not yet being worked on. I think in the meantime, your idea of copying the data to a remote server could work.
I would probably recommend using scp, and setting up the authentication on the server so that each uuid has access to its own folder (so that you don’t risk an attacker getting all your backups if they compromise a single device). Dunno if anyone in the community has tried something like that.
You could adapt what’s described in this blogpost: https://bradmontgomery.net/blog/automatic-backups-with-cron-tar-and-ssh/ though it shows a slightly different scenario, where you scp from the machine where you want to keep the backup. You could do it either way, scp’ing from the device to the server or from the server to the device (though that would be equivalent to sshing into the device, which from your post is something you want to avoid).
For the authentication part, you could have a script in the server that detects when a device is provisioned, creates an ssh key pair, and passes the private key to the device by creating an environment variable on the balena API. Alternatively, you can open an API endpoint on the device and have the server query it to obtain the public key. There’s a few other options for this but it depends on what you’re already doing (e.g. are you already sending some other data from the device to the cloud? do you have other auth mechanisms already in place?) and what your security requirements look like.