mysql-bkup/docs/how-tos/backup-to-ssh.md

---
title: Backup to SSH or SFTP
layout: default
parent: How Tos
nav_order: 3
---
# Backup to SFTP or SSH Remote Server

To store your backups on an `SFTP` or `SSH` remote server instead of the default storage, you can configure the backup process to use the `--storage ssh` or `--storage remote` option.
This section explains how to set up and configure SSH-based backups.

---

## Configuration Steps

1. **Specify the Storage Type**  
   Add the `--storage ssh` or `--storage remote` flag to your backup command.

2. **Set the Remote Path**  
   Define the full remote path where backups will be stored using the `--path` flag or the `REMOTE_PATH` environment variable.  
   Example: `--path /home/jkaninda/backups`.

3. **Required Environment Variables**  
   The following environment variables are mandatory for SSH-based backups:

    - `SSH_HOST`: The hostname or IP address of the remote server.
    - `SSH_USER`: The username for SSH authentication.
    - `REMOTE_PATH`: The directory on the remote server where backups will be stored.
    - `SSH_IDENTIFY_FILE`: The path to the private key file for SSH authentication.
    - `SSH_PORT`: The SSH port (default is `22`).
    - `SSH_PASSWORD`: (Optional) Use this only if you are not using a private key for authentication.

   {: .note }
   **Security Recommendation**: Using a private key (`SSH_IDENTIFY_FILE`) is strongly recommended over password-based authentication (`SSH_PASSWORD`) for better security.

---

## Example Configuration

Below is an example `docker-compose.yml` configuration for backing up to an SSH remote server:

```yaml
services:
   mysql-bkup:
      # In production, lock your image tag to a specific release version
      # instead of using `latest`. Check https://github.com/jkaninda/mysql-bkup/releases
      # for available releases.
      image: jkaninda/mysql-bkup
      container_name: mysql-bkup
      command: backup --storage remote -d database
      volumes:
         - ./id_ed25519:/tmp/id_ed25519
      environment:
         - DB_PORT=3306
         - DB_HOST=mysql
         - DB_NAME=database
         - DB_USERNAME=username
         - DB_PASSWORD=password
         ## SSH Configuration
         - SSH_HOST="hostname"
         - SSH_PORT=22
         - SSH_USER=user
         - REMOTE_PATH=/home/jkaninda/backups
         - SSH_IDENTIFY_FILE=/tmp/id_ed25519
         ## Optional: Use password instead of private key (not recommended)
         #- SSH_PASSWORD=password

      # Ensure the mysql-bkup container is connected to the same network as your database
      networks:
         - web

networks:
   web:
```

---

## Recurring Backups to SSH Remote Server

To schedule recurring backups, you can use the `--cron-expression` flag or the `BACKUP_CRON_EXPRESSION` environment variable. 
This allows you to define a cron schedule for automated backups.

### Example: Recurring Backup Configuration

```yaml
services:
   mysql-bkup:
    # In production, lock your image tag to a specific release version
    # instead of using `latest`. Check https://github.com/jkaninda/mysql-bkup/releases
    # for available releases.
    image: jkaninda/mysql-bkup
    container_name: mysql-bkup
    command: backup -d database --storage ssh --cron-expression "@daily"
    volumes:
      - ./id_ed25519:/tmp/id_ed25519
    environment:
      - DB_PORT=3306
      - DB_HOST=postgres
      - DB_NAME=database
      - DB_USERNAME=username
      - DB_PASSWORD=password
      ## SSH Configuration
      - SSH_HOST="hostname"
      - SSH_PORT=22
      - SSH_USER=user
      - REMOTE_PATH=/home/jkaninda/backups
      - SSH_IDENTIFY_FILE=/tmp/id_ed25519
      ## Optional: Delete old backups after a specified number of days
      #- BACKUP_RETENTION_DAYS=7
      ## Optional: Use password instead of private key (not recommended)
      #- SSH_PASSWORD=password

    # Ensure the mysql-bkup container is connected to the same network as your database
    networks:
      - web

networks:
  web:
```

---

## Key Notes

- **Cron Expression**: Use the `--cron-expression` flag or `BACKUP_CRON_EXPRESSION` environment variable to define the backup schedule. For example, `0 1 * * *` runs the backup daily at 1:00 AM.
- **Backup Retention**: Optionally, use the `BACKUP_RETENTION_DAYS` environment variable to automatically delete backups older than a specified number of days.
- **Security**: Always prefer private key authentication (`SSH_IDENTIFY_FILE`) over password-based authentication (`SSH_PASSWORD`) for enhanced security.

---
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`---`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`title: Backup to SSH or SFTP`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`layout: default`
			`parent: How Tos`
			`nav_order: 3`
			`---`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`# Backup to SFTP or SSH Remote Server`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			To store your backups on an `SFTP` or `SSH` remote server instead of the default storage, you can configure the backup process to use the `--storage ssh` or `--storage remote` option.
			`This section explains how to set up and configure SSH-based backups.`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`---`

			`## Configuration Steps`

			`1. Specify the Storage Type`
			Add the `--storage ssh` or `--storage remote` flag to your backup command.

			`2. Set the Remote Path`
			Define the full remote path where backups will be stored using the `--path` flag or the `REMOTE_PATH` environment variable.
			Example: `--path /home/jkaninda/backups`.

			`3. Required Environment Variables`
			`The following environment variables are mandatory for SSH-based backups:`

			- `SSH_HOST`: The hostname or IP address of the remote server.
			- `SSH_USER`: The username for SSH authentication.
			- `REMOTE_PATH`: The directory on the remote server where backups will be stored.
			- `SSH_IDENTIFY_FILE`: The path to the private key file for SSH authentication.
			- `SSH_PORT`: The SSH port (default is `22`).
			- `SSH_PASSWORD`: (Optional) Use this only if you are not using a private key for authentication.

			`{: .note }`
			Security Recommendation: Using a private key (`SSH_IDENTIFY_FILE`) is strongly recommended over password-based authentication (`SSH_PASSWORD`) for better security.

			`---`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`## Example Configuration`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			Below is an example `docker-compose.yml` configuration for backing up to an SSH remote server:

			```yaml
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`services:`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`mysql-bkup:`
			`# In production, lock your image tag to a specific release version`
			# instead of using `latest`. Check https://github.com/jkaninda/mysql-bkup/releases
			`# for available releases.`
			`image: jkaninda/mysql-bkup`
			`container_name: mysql-bkup`
			`command: backup --storage remote -d database`
			`volumes:`
			`- ./id_ed25519:/tmp/id_ed25519`
			`environment:`
			`- DB_PORT=3306`
			`- DB_HOST=mysql`
			`- DB_NAME=database`
			`- DB_USERNAME=username`
			`- DB_PASSWORD=password`
			`## SSH Configuration`
			`- SSH_HOST="hostname"`
			`- SSH_PORT=22`
			`- SSH_USER=user`
			`- REMOTE_PATH=/home/jkaninda/backups`
			`- SSH_IDENTIFY_FILE=/tmp/id_ed25519`
			`## Optional: Use password instead of private key (not recommended)`
			`#- SSH_PASSWORD=password`

			`# Ensure the mysql-bkup container is connected to the same network as your database`
			`networks:`
			`- web`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
			`networks:`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`web:`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			```

doc: reviewed docs 2025-01-13 14:56:08 +01:00			`---`

			`## Recurring Backups to SSH Remote Server`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			To schedule recurring backups, you can use the `--cron-expression` flag or the `BACKUP_CRON_EXPRESSION` environment variable.
			`This allows you to define a cron schedule for automated backups.`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`### Example: Recurring Backup Configuration`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00
doc: reviewed docs 2025-01-13 14:56:08 +01:00			```yaml
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`services:`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`mysql-bkup:`
			`# In production, lock your image tag to a specific release version`
			# instead of using `latest`. Check https://github.com/jkaninda/mysql-bkup/releases
			`# for available releases.`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`image: jkaninda/mysql-bkup`
			`container_name: mysql-bkup`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`command: backup -d database --storage ssh --cron-expression "@daily"`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`volumes:`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`- ./id_ed25519:/tmp/id_ed25519`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`environment:`
			`- DB_PORT=3306`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`- DB_HOST=postgres`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`- DB_NAME=database`
			`- DB_USERNAME=username`
			`- DB_PASSWORD=password`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`## SSH Configuration`
docs: update ssh and ftp deployment example 2024-10-02 04:09:42 +02:00			`- SSH_HOST="hostname"`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`- SSH_PORT=22`
			`- SSH_USER=user`
feat: add ftp backup storage 2024-09-30 00:40:35 +02:00			`- REMOTE_PATH=/home/jkaninda/backups`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`- SSH_IDENTIFY_FILE=/tmp/id_ed25519`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`## Optional: Delete old backups after a specified number of days`
chore: add backup prune, replace period flag by BACKUP_RETENTION_DAYS environment variable 2024-10-20 06:52:36 +02:00			`#- BACKUP_RETENTION_DAYS=7`
doc: reviewed docs 2025-01-13 14:56:08 +01:00			`## Optional: Use password instead of private key (not recommended)`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`#- SSH_PASSWORD=password`
doc: reviewed docs 2025-01-13 14:56:08 +01:00
			`# Ensure the mysql-bkup container is connected to the same network as your database`
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`networks:`
			`- web`
doc: reviewed docs 2025-01-13 14:56:08 +01:00
Add SSH storage, add database backup encrypt and decrypt 2024-08-03 16:03:17 +02:00			`networks:`
			`web:`
			```
doc: reviewed docs 2025-01-13 14:56:08 +01:00
			`---`

			`## Key Notes`

			- Cron Expression: Use the `--cron-expression` flag or `BACKUP_CRON_EXPRESSION` environment variable to define the backup schedule. For example, `0 1 * * *` runs the backup daily at 1:00 AM.
			- Backup Retention: Optionally, use the `BACKUP_RETENTION_DAYS` environment variable to automatically delete backups older than a specified number of days.
			- Security: Always prefer private key authentication (`SSH_IDENTIFY_FILE`) over password-based authentication (`SSH_PASSWORD`) for enhanced security.

			`---`