Backs up vaultwarden files and directories to tar.xz
archives automatically. tar.xz
archives can be opened using data compression programs like 7-Zip and WinRAR.
Files and directories that are backed up:
- db.sqlite3
- config.json
- rsa_key.der
- rsa_key.pem
- rsa_key.pub.der
- /attachments
- /sends
Refer to the docker-compose
section below. By default, backing up is automatic.
Pass manual
to docker run
or docker-compose
as a command
.
services:
vaultwarden:
# Vaultwarden configuration here.
backup:
image: jmqm/vaultwarden_backup:latest
container_name: vaultwarden_backup
network_mode: none
restart: always
volumes:
- /vaultwarden_data_directory:/data:ro # Read-only
- /backup_directory:/backups
- /etc/localtime:/etc/localtime:ro # Container uses date from host.
environment:
- DELETE_AFTER=30
- CRON_TIME=0 0 * * * # Runs at 12:00 AM.
- UID=1024
- GID=100
/data
(read)- Vaultwarden's /data
directory. Recommend setting mount as read-only.
/backups
(write) - Where to store backups to.
User specified in compose environment (UID
/GID
) vars must have write access to /backups
If you want to make them the owner of the backups directory do:
chown ${UID}:${GID} /path/to/backups
Environment Variable | Info |
---|---|
UID ⭐ | User ID to run the cron job as. |
GID ⭐ | Group ID to run the cron job as. |
CRON_TIME 👍 | When to run (default is every 12 hours). Info here and editor here. |
DELETE_AFTER 👍 | (exclusive to automatic mode) Delete backups X days old. Requires read and write permissions. |
Environment Variable | Info |
---|---|
TZ ¹ | Timezone inside the container. Can mount /etc/localtime instead as well (recommended). |
¹ See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for more information
Mount /etc/localtime
(recommend mounting as read-only) or set TZ
environment variable.