← 返回
未分类 Key 中文

Backup & Restore

Backup, restore, disaster recovery, and migration for OpenClaw. Encrypts and stores ~/.openclaw/ locally and to cloud destinations (S3, R2, B2, GCS, Google D...
OpenClaw 的备份、恢复、灾难恢复和迁移功能。对 ~/.openclaw/ 进行加密并在本机和云端(S3、R2、B2、GCS、Google D…)存储。
ryanedick ryanedick 来源
未分类 clawhub v1.3.0 1 版本 100000 Key: 需要
★ 0
Stars
📥 342
下载
💾 0
安装
1
版本
#latest

概述

Backup Skill

Backup and restore your entire OpenClaw installation — config, credentials, workspace, memory, and skills.

Requirements

Required: gpg, tar (typically pre-installed on Linux)

Optional (for cloud uploads): jq, aws (S3/R2), gsutil/gcloud (GCS), b2 (Backblaze), rclone (Google Drive), rsync

Environment variables: BACKUP_PASSPHRASE, BACKUP_ENCRYPT, BACKUP_RETAIN_DAYS, BACKUP_STOP_GATEWAY, BACKUP_DIR

Credential files (created during setup, stored at ~/.openclaw/credentials/backup/):

  • backup-passphrase — required for encrypted full backups
  • aws-credentials, r2-credentials, b2-credentials, gcs-key.json, rclone.conf — optional, per cloud provider

Quick Start

# Run a backup now — creates TWO files: full (encrypted) + workspace-only
~/.openclaw/workspace/skills/backup/scripts/backup.sh

# Upload both backups to configured cloud destinations
~/.openclaw/workspace/skills/backup/scripts/upload.sh

# Full restore (same environment / disaster recovery)
~/.openclaw/workspace/skills/backup/scripts/restore.sh ~/backups/openclaw/openclaw-myhost-20260215-full.tar.gz.gpg

# Workspace-only restore (any environment — just the agent's brain)
~/.openclaw/workspace/skills/backup/scripts/restore.sh ~/backups/openclaw/openclaw-myhost-20260215-workspace.tar.gz

Interactive Setup

For guided setup, read references/setup-guide.md and follow the conversational flow with the user. This walks through encryption, backup mode, schedule, and cloud destination configuration.

Manual Usage

backup.sh — Create local backups

Every run produces two files:

  1. Full backup (*-full.tar.gz.gpg) — everything including credentials, encrypted. For disaster recovery on the same or similar environment.
  2. Workspace backup (*-workspace.tar.gz.gpg) — just ~/.openclaw/workspace/ (memory, skills, files), encrypted. Safe to restore on any environment without affecting gateway config. This is the agent's brain.
# Default: creates both files
./scripts/backup.sh

# Skip gateway stop/restart (for testing)
BACKUP_STOP_GATEWAY=false ./scripts/backup.sh

Saves to ~/backups/openclaw/.

upload.sh — Upload to cloud

# Upload latest local backup to all configured destinations
./scripts/upload.sh

# Upload a specific file
./scripts/upload.sh /path/to/backup.tar.gz.gpg

restore.sh — Restore from backup

# Full restore (disaster recovery — replaces entire ~/.openclaw/)
./scripts/restore.sh openclaw-myhost-20260215-full.tar.gz.gpg

# Workspace-only restore (just the agent brain — keeps your config/credentials)
./scripts/restore.sh openclaw-myhost-20260215-workspace.tar.gz

# Extract only workspace from a full backup
./scripts/restore.sh --workspace-only openclaw-myhost-20260215-full.tar.gz.gpg

# From cloud
./scripts/restore.sh s3://mybucket/openclaw/openclaw-myhost-20260215-workspace.tar.gz

Automatically detects workspace backups by filename. Creates a safety copy before extracting.

Note: Workspace-only restores don't require a gateway restart — the agent picks up the new files on its next session. Full restores stop and replace the entire ~/.openclaw/ directory, so the gateway needs to be restarted afterward.

test-backup.sh — Validate setup

./scripts/test-backup.sh

Creates a tiny test file, encrypts, uploads to all destinations, verifies, cleans up. Exit 0 = all good.

Config Reference

Config lives at ~/.openclaw/workspace/skills/backup/config.json:

FieldTypeDefaultDescription
-----------------------------------
encryptbooltrueAES-256 GPG symmetric encryption (for full backups)
retainDaysnumber30Auto-prune local backups older than this
schedulestring"daily"daily, weekly, or manual
destinationsarray[]Cloud upload targets (see destinations.md)

Environment Variables

All settings can be overridden via env vars:

VariableDescription
-----------------------
BACKUP_ENCRYPTtrue or false (for full backups)
BACKUP_RETAIN_DAYSNumber of days to keep old backups
BACKUP_PASSPHRASEEncryption passphrase (or read from credentials file)
BACKUP_STOP_GATEWAYtrue (default) or false
BACKUP_DIROverride backup output directory

Credentials

Stored in ~/.openclaw/credentials/backup/:

  • backup-passphrase — encryption passphrase
  • aws-credentials — for S3
  • r2-credentials — for Cloudflare R2
  • b2-credentials — for Backblaze B2
  • gcs-key.json — Google Cloud Storage service account key
  • rclone.conf — for Google Drive (rclone config)

Security Notes

  • Backups are encrypted by default with AES-256 (GPG symmetric)
  • Full-mode backups REQUIRE encryption — the script will refuse to run without a passphrase when mode=full, since credentials would be stored in plaintext
  • Workspace-only backups are also encrypted — they contain personal data (memory, notes, conversations)
  • The passphrase file at ~/.openclaw/credentials/backup/backup-passphrase should be readable only by the owner (mode 600)
  • On first use, always walk the user through setting a passphrase (see references/setup-guide.md)
  • If no passphrase is set, default to portable mode — never store credentials unencrypted
  • Local backups are auto-pruned after the configured retention period
  • Remote backups are never auto-deleted (see references/destinations.md for lifecycle guidance)

版本历史

共 1 个版本

  • v1.3.0 当前
    2026-05-12 05:22 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,171
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,039
it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 472 📥 78,736