DBackupDBackup

Self-hosted database backups, without the lock-in.

Self-hosted, multi-database backups with Direct or SSH connection modes, a full REST API, and a Recovery Kit that works with or without DBackup.

$ docker run -d \
-p 3000:3000 \
-e ENCRYPTION_KEY=$(openssl rand -hex 32) \
-e BETTER_AUTH_SECRET=$(openssl rand -base64 32) \
-v ./data:/data \
skyfay/dbackup:latest

9

Database Engines

13

Storage Adapters

9

Notification Channels

GPL-3.0

Open Source

Integrations

Connects to what you already run

9 database engines, 13 storage destinations, and 9 notification channels - out of the box.

MySQL
MariaDB
PostgreSQL
MongoDB
SQLite
Redis
Valkey
Microsoft SQL Server
Firebird (Beta)

Automation

Fits into how you already run infrastructure

Two connection modes, encryption on by default, and an API built to be scripted - not just clicked through.

Direct or SSH

Connect straight to a database, or run the dump tool on the remote host over SSH - no need to expose database ports to the DBackup server.

DirectSSH Remote Execution

Encrypted by default

AES-256-GCM encryption with managed Encryption Profiles, key rotation, and a downloadable Recovery Kit for offline decryption.

AES-256-GCMKey Rotation

A full REST API

Trigger backups, poll executions, manage adapters, and browse storage - with fine-grained, expiring API keys for scripts and pipelines.

REST APIAPI Keys

Built for CI/CD

A dedicated skyfay/dbackup:ci image triggers a backup job and waits for it to finish - drop it into any pipeline before a deploy or migration.

skyfay/dbackup:ciGitHub ActionsGitLab CI

Features

Everything a self-hosted backup needs

One tool for scheduling, encrypting, storing, and restoring backups across every database you run.

Database Backup
9 database engines, selective per-database backup, multi-database jobs with a unified TAR format, AES-256-GCM encryption, GZIP/Brotli compression, and SSH remote execution.
Storage & Destinations
13 storage adapters, multi-destination jobs for redundancy, a Storage Explorer to browse and download backups, and alerts for usage spikes or missing backups.
Restore & Recovery
One-click restore, database remapping, version compatibility checks, SHA-256/MD5 integrity verification, and a Recovery Kit for restoring without DBackup itself.
Monitoring & Visibility
Live progress tracking, an interactive dashboard, a GitHub-style backup calendar, a Database Explorer, and full execution history.
Notifications
9 notification channels, per-job notification settings, system event notifications, and configurable reminder intervals.
Scheduling & Retention
Cron-based scheduling with a visual picker, reusable GFS retention policy templates, naming templates, and automated config backups.
Access Control & Security
SSO/OIDC, RBAC with granular permissions, 2FA and passkeys, a credential vault, and HTTPS by default.
API & Automation
A full REST API, fine-grained API keys with expiration, and ready-made cURL, Bash, and Ansible examples.
Designed for Simplicity
Configure almost everything from the UI instead of environment variables - a guided setup for beginners, deep configurability for power users.

No lock-in

No vendor lock-in, by design

If DBackup is ever unavailable, your backups still aren't stuck. Decrypt and restore with a single script and the key from your Recovery Kit.

Standard dumps

Every backup is exactly what pg_dump, mysqldump, or mongodump would produce on their own - no proprietary container format.

Open encryption

AES-256-GCM, a documented standard implemented in every major language - not a custom cipher tied to DBackup.

Recovery Kit

A downloadable ZIP with your key and a standalone Node.js script that decrypts backups without DBackup running at all.

Quick start

Running in under five minutes

Save this as docker-compose.yml, generate two secrets, and run docker-compose up -d.

# docker-compose.yml
services:
dbackup:
image: skyfay/dbackup:latest
container_name: dbackup
restart: always
ports:
- "3000:3000"
environment:
- ENCRYPTION_KEY= # openssl rand -hex 32
- BETTER_AUTH_URL=https://localhost:3000
- BETTER_AUTH_SECRET= # openssl rand -base64 32
volumes:
- ./data:/data
- ./backups:/backups

Read the full installation guide

FAQ

Frequently asked questions

From the blog

View all posts →

Back up your databases the way you actually want to

Self-hosted, open source, and yours to run - free of charge, forever.