Foris interface only allows you to make a full restore from a backup. Sometimes you may wish to do partial retrieval or just check the diff between the current state of the system and the backup.

In order to do so you're going to need registration_code (available via /usr/share/server-uplink/registration_code in Omnia) and the password you set in the Foris Cloud backup page.

The following script pulls the latest backup, decrypts it and puts it into /tmp/turris_cloud_backup.tar.bz2 for inspection. Script needs to be run on a Linux machine with pbkdf2 python lib, jq and gpg installed.

#!/bin/bash
REG_CODE=$(cat /usr/share/server-uplink/registration_code)
URL="https://rb.turris.cz"
read -s -p "Put cloud backup password (as set in Foris): " PASSWORD
HASHED_PASS=$(python -c 'import pbkdf2, sys;  print(pbkdf2.crypt(sys.argv[1], "", iterations=1000))' "${PASSWORD}")

# list backups with ids
latest_backup_id=$(curl -s 'Content-Type: application/json'  -H "Authorization:Token ${REG_CODE}" "${URL}/backups/" | jq '.[0]["id"]')

echo "Retrieving latest backup with ID ${latest_backup_id}.."

# download a backup with specified id
curl -s -o /tmp/turris_cloud_backup.tbz.gpg -H 'Content-Type: application/json' -H "Authorization:Token ${REG_CODE}" "${URL}/backups/${latest_backup_id}/"

echo "Decrypting.."

echo "${HASHED_PASS}" | gpg --yes --batch -d -o /tmp/turris_cloud_backup.tar.bz2 --passphrase-fd 0 /tmp/turris_cloud_backup.tbz.gpg
ret=$?
echo "Deleting encrypted backup.."
rm /tmp/turris_cloud_backup.tbz.gpg

if [ "$ret" -eq 0 ]
then
        echo "If all went well the unencrypted backup is in /tmp/turris_cloud_backup.tar.bz2"
else
        echo "Looks like there's an issue - maybe the password is incorrect?"
fi

source: https://forum.turris.cz/t/ako-sa-da-dostat-ku-cloudovym-zaloham/