The way to an own clowd - Part 10.1
The Way to Your Own Cloud (Part 10.1) – Backup passwords
On Thursday I showed how to host your own password manager.
But a password manager is only as reliable as its backups. Without regular backups, you risk losing all your credentials in case of failure.
Vaultwarden stores its data by default in an SQLite database as well as in a data and configuration directory. Both must be backed up regularly to ensure full recovery in an emergency.
For this, you can simply extend the backup script from Part 5.
Create Plugin
By default, you can find Vaultwarden’s data here:
- Database: /opt/vaultwarden/data/db.sqlite3
- Attachments & configuration: /opt/vaultwarden/data/
To back up both, create a plugin script at /opt/backup/plugins/vaultwarden.sh with the following content:
#!/bin/bash
PLUGIN_OUTPUT_DIR="$1"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S.%3N')] $*"
}
VAULTWARDEN_DIR="/opt/vaultwarden/data"
DB_BACKUP="$PLUGIN_OUTPUT_DIR/db_$(date '+%Y-%m-%d').sqlite3.gz"
FILES_BACKUP="$PLUGIN_OUTPUT_DIR/files_$(date '+%Y-%m-%d').tar.gz"
if [ -f "$VAULTWARDEN_DIR/db.sqlite3" ]; then
log "[INFO] Starting database backup ..."
sqlite3 "$VAULTWARDEN_DIR/db.sqlite3" ".backup '/tmp/db_backup.sqlite3'"
gzip -c /tmp/db_backup.sqlite3 > "$DB_BACKUP"
rm -f /tmp/db_backup.sqlite3
if [ $? -eq 0 ]; then
log "[INFO] Database backup was successful: $DB_BACKUP"
else
log "[ERROR] Database backup failed!"
fi
else
log "[ERROR] Database not found: $VAULTWARDEN_DIR/db.sqlite3"
fi
log "[INFO] Starting file backup ..."
tar -czf "$FILES_BACKUP" -C "$VAULTWARDEN_DIR" .
if [ $? -eq 0 ]; then
log "[INFO] File backup was successful: $FILES_BACKUP"
else
log "[ERROR] File backup failed!"
fi
Finally, make the script executable:
chmod +x /opt/backup/plugins/vaultwarden.sh
From this point on, the plugin will be included in the next backup run.