Self-hosted database backups, without the lock-in.
Self-hosted, multi-database backups with Direct or SSH connection modes, a full REST API, and a Recovery Kit that works with or without DBackup.
$ docker run -d \
-p 3000:3000 \
-e ENCRYPTION_KEY=$(openssl rand -hex 32) \
-e BETTER_AUTH_SECRET=$(openssl rand -base64 32) \
-v ./data:/data \
skyfay/dbackup:latest9
Database Engines
13
Storage Adapters
9
Notification Channels
GPL-3.0
Open Source
Integrations
Connects to what you already run
9 database engines, 13 storage destinations, and 9 notification channels - out of the box.
Automation
Fits into how you already run infrastructure
Two connection modes, encryption on by default, and an API built to be scripted - not just clicked through.
Direct or SSH
Connect straight to a database, or run the dump tool on the remote host over SSH - no need to expose database ports to the DBackup server.
Encrypted by default
AES-256-GCM encryption with managed Encryption Profiles, key rotation, and a downloadable Recovery Kit for offline decryption.
A full REST API
Trigger backups, poll executions, manage adapters, and browse storage - with fine-grained, expiring API keys for scripts and pipelines.
Built for CI/CD
A dedicated skyfay/dbackup:ci image triggers a backup job and waits for it to finish - drop it into any pipeline before a deploy or migration.
Features
Everything a self-hosted backup needs
One tool for scheduling, encrypting, storing, and restoring backups across every database you run.
No lock-in
No vendor lock-in, by design
If DBackup is ever unavailable, your backups still aren't stuck. Decrypt and restore with a single script and the key from your Recovery Kit.
Standard dumps
Every backup is exactly what pg_dump, mysqldump, or mongodump would produce on their own - no proprietary container format.
Open encryption
AES-256-GCM, a documented standard implemented in every major language - not a custom cipher tied to DBackup.
Recovery Kit
A downloadable ZIP with your key and a standalone Node.js script that decrypts backups without DBackup running at all.
Quick start
Running in under five minutes
Save this as docker-compose.yml, generate two secrets, and run docker-compose up -d.
# docker-compose.yml
services:
dbackup:
image: skyfay/dbackup:latest
container_name: dbackup
restart: always
ports:
- "3000:3000"
environment:
- ENCRYPTION_KEY= # openssl rand -hex 32
- BETTER_AUTH_URL=https://localhost:3000
- BETTER_AUTH_SECRET= # openssl rand -base64 32
volumes:
- ./data:/data
- ./backups:/backupsFAQ
Frequently asked questions
From the blog
July 10, 2026
Why We Built DBackup: No Vendor Lock-In by Design
Every DBackup backup is a standard database dump encrypted with open AES-256-GCM - here's why that matters and how the Recovery Kit works.
July 1, 2026
Getting Started with DBackup in 5 Minutes
Spin up DBackup with a single docker-compose file and create your first encrypted backup job.
Back up your databases the way you actually want to
Self-hosted, open source, and yours to run - free of charge, forever.









