OpenClaw Backup → Cloudflare R2 (via restic)

This skill helps the user create complete, encrypted, off-site backups of their OpenClaw installation and restore them on any machine. It backs up everything OpenClaw's built-in .bak misses: credentials, agents, workspace, and cron — not just openclaw.json.

When to use

• The user wants to back up their OpenClaw setup (config, agents, credentials).
• The user lost agents/config (e.g., after openclaw doctor --fix) and wants protection going forward.
• The user wants to restore a backup or migrate OpenClaw to a new PC.
• The user wants automatic daily backups.

What it backs up

openclaw backup create --verify produces a verified .tar.gz containing config, credentials, agents, workspace, and cron. restic then encrypts and deduplicates it locally and uploads to Cloudflare R2. Retention keeps 7 daily + 4 weekly + 6 monthly snapshots.

Prerequisites (guide the user to set these up)

1. restic installed (on PATH or at ./restic/restic.exe).
2. A Cloudflare R2 bucket + S3 API token.
3. Copy .env.example → .env and fill RESTIC_REPOSITORY, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY.
4. Create .restic-pass with a strong password. Critical: this is the only key to the encrypted backups — store it safely and separately. Without it, restore is impossible.
5. Initialize once: restic init.

> Never commit .env or .restic-pass. They are git-ignored. Never print their contents.

Running a backup

.\backup.ps1

This runs openclaw backup create --verify, uploads via restic to R2, prunes old snapshots, and removes the local tar. Logs go to logs/.

Testing a restore (safe, non-destructive)

.\test-restore.ps1

Downloads the latest snapshot, extracts it, and validates with openclaw backup verify. Does not touch the live .openclaw.

Restoring (any PC) — ⚠️ destructive

Copy the portable/ folder (with restic/restic.exe, .env, .restic-pass) to the target machine and run:

.\portable\restore-portable.ps1

It stops the gateway, pulls the latest backup from R2, and installs to %USERPROFILE%\.openclaw.

> ⚠️ This OVERWRITES the live .openclaw. Anything created after the last backup is lost. The script requires the user to type RESTAURAR to confirm and moves the current folder to .openclaw.backup- first (this local backup can fail if files are locked, in which case it overwrites in place). Always have the user run test-restore.ps1 first to inspect the backup non-destructively, and only run the real restore when they accept replacing the active install. $env:OPENCLAW_RESTORE_YES = 1 skips the prompt for automation — never set it on the user's behalf without explicit consent.

Automating daily backups (Windows)

Register a Task Scheduler job that runs backup.ps1 daily with -StartWhenAvailable so it catches up if the PC was off. See the README for the exact Register-ScheduledTask command.

Safety notes

• Always confirm the user has saved their .restic-pass somewhere safe before relying on backups. It is the only key — losing it makes every backup unrecoverable.
• When helping configure, never echo secret values; have the user paste them into .env/.restic-pass themselves.
• This uploads OpenClaw secrets (credentials/auth profiles) to a third-party bucket. Encryption is client-side, but its strength depends entirely on the password. Make sure the user uses a strong passphrase, keeps the R2 bucket private, and never shares the portable/ folder (it bundles both the R2 credentials and the decryption key).
• The restore normally preserves the existing .openclaw as a timestamped backup (so it is reversible) — but that safety copy can fail if files are locked. Recommend test-restore.ps1 before any real restore.