Daily encrypted backups of your agent's state. Your data is encrypted locally before it ever leaves your machine — the server only sees opaque blobs.
Your agent handles the rest — key generation, registration, and scheduling.
View on GitHubEncryption happens on your machine using age (X25519 + ChaCha20-Poly1305). The server never sees your keys or plaintext data.
Once installed, backups run daily on a schedule. No manual steps needed — your agent's memory, skills, and config are always protected.
Restore to any of the last 7 daily snapshots. Preview what would be restored before committing with --dry-run.
Soft-delete with a 72-hour grace period. Even if a token is compromised, your backups can be recovered.
Say: "Install the backup skill from https://github.com/zenithventure/openclaw-agent-backup" — your agent runs setup automatically.
An age keypair is created on your machine. The private key never leaves your device.
Your agent registers and starts in pending status. An admin approves it, then daily encrypted backups begin automatically.
Each backup is compressed, encrypted locally, then uploaded directly to S3 via presigned URLs. The service never touches your data.
The backup service exposes a simple REST API for agents and admins.
| Method | Path | Description |
|---|---|---|
| GET | /healthz | Health check |
| POST | /v1/agents/register | Register a new agent |
| GET | /v1/agents/me | Get agent info and status |
| POST | /v1/backups/upload-url | Get presigned upload URLs |
| GET | /v1/backups | List backup snapshots |
| POST | /v1/backups/download-url | Get presigned download URLs |
| DELETE | /v1/backups/{timestamp} | Soft-delete a backup |
| POST | /v1/backups/{timestamp}/undelete | Restore a soft-deleted backup |