OpsVault

Databases

Configure MySQL and PostgreSQL database connections.

The databases list defines which databases to back up. You can add as many entries as you need — each one is backed up independently.

Fields

databases:
  - name: myapp_prod           # (required) Logical name used in filenames and notifications
    type: postgres              # (required) mysql | postgres
    host: 127.0.0.1             # Default: 127.0.0.1
    port: 5432                  # Default: 3306 for MySQL, 5432 for PostgreSQL
    user: backup_user           # (required) Database user
    password: ""                # Plain text password — not recommended
    password_env: DB_PASS       # Read password from this env var (recommended)
    database: myapp             # (required) The database to dump
    excluded_tables:            # Tables to skip during backup
      - logs
      - sessions
    extra_opts: ""              # Extra flags passed verbatim to mysqldump / pg_dump
    enabled: true               # Set to false to skip without removing the entry

Avoid storing passwords as plain text in the config file. Use password_env instead and set the variable in /etc/environment or your systemd service override.

Password via environment variable

# /etc/environment  (loaded system-wide on boot)
DB_PASS=yourpassword
PG_BACKUP_PASS=anotherpassword
databases:
  - name: myapp_prod
    type: postgres
    password_env: DB_PASS      # reads $DB_PASS at runtime

  - name: analytics
    type: postgres
    password_env: PG_BACKUP_PASS

MySQL example

databases:
  - name: wordpress_prod
    type: mysql
    host: 127.0.0.1
    port: 3306
    user: backup_user
    password_env: MYSQL_BACKUP_PASS
    database: wordpress
    extra_opts: "--single-transaction --quick"
    enabled: true

OpsVault passes the MySQL password via a temporary ~/.my.cnf file (mode 0600) to avoid exposing it on the command line.

PostgreSQL example

databases:
  - name: analytics_pg
    type: postgres
    host: 10.0.0.5
    port: 5432
    user: backup_user
    password_env: PG_BACKUP_PASS
    database: analytics
    extra_opts: "--no-owner --no-acl"
    enabled: true

PostgreSQL password is passed via the PGPASSWORD environment variable injected into the pg_dump subprocess.

Multiple databases

databases:
  - name: app_db
    type: postgres
    host: 127.0.0.1
    user: pg_backup
    password_env: PG_PASS
    database: app_production
    enabled: true

  - name: legacy_mysql
    type: mysql
    host: 127.0.0.1
    user: backup
    password_env: MYSQL_PASS
    database: legacy_app
    enabled: true

  - name: staging_db
    type: postgres
    host: 127.0.0.1
    user: pg_backup
    password_env: PG_PASS
    database: app_staging
    enabled: false             # skipped — won't be backed up

Backup file naming

Each backup is saved as:

{name}_{YYYYMMDD}_{HHMMSS}.sql.gz

For example: app_db_20240115_020001.sql.gz

Excluding tables

Use excluded_tables to skip specific tables during backup. This is the recommended way to exclude tables — no need to remember dump tool flags.

databases:
  - name: myapp_prod
    type: postgres
    database: myapp
    excluded_tables:
      - logs
      - sessions
      - cache

OpsVault translates this to the correct flags automatically:

  • PostgreSQL: --exclude-table=logs --exclude-table=sessions --exclude-table=cache
  • MySQL: --ignore-table=myapp.logs --ignore-table=myapp.sessions --ignore-table=myapp.cache

You can also set excluded tables interactively in the config wizard (opsvault config) — select a database, then choose Excluded tables and type the names separated by commas.

Extra options

The extra_opts field is passed verbatim to mysqldump or pg_dump. Use it for flags not covered by the config fields.

OptionEffect
--no-ownerDon't output commands to set ownership
--no-aclDon't output access privilege commands
--schema=publicDump only the public schema
OptionEffect
--single-transactionConsistent snapshot without locking (InnoDB)
--quickRetrieve rows one at a time (large tables)
--no-dataSchema only, no rows

On this page