OpsVault

Databases

Configure MySQL and PostgreSQL database connections.

The databases list defines which databases to back up. You can add as many entries as you need — each one is backed up independently.

Fields

databases:
  - name: myapp_prod        # (required) Logical name used in filenames and notifications
    type: postgres           # (required) mysql | postgres
    host: 127.0.0.1          # Default: 127.0.0.1
    port: 5432               # Default: 3306 for MySQL, 5432 for PostgreSQL
    user: backup_user        # (required) Database user
    password: ""             # Plain text password — not recommended
    password_env: DB_PASS    # Read password from this env var (recommended)
    database: myapp          # (required) The database to dump
    extra_opts: ""           # Extra flags passed verbatim to mysqldump / pg_dump
    enabled: true            # Set to false to skip without removing the entry

Avoid storing passwords as plain text in the config file. Use password_env instead and set the variable in /etc/environment or your systemd service override.

Password via environment variable

# /etc/environment  (loaded system-wide on boot)
DB_PASS=yourpassword
PG_BACKUP_PASS=anotherpassword
databases:
  - name: myapp_prod
    type: postgres
    password_env: DB_PASS      # reads $DB_PASS at runtime

  - name: analytics
    type: postgres
    password_env: PG_BACKUP_PASS

MySQL example

databases:
  - name: wordpress_prod
    type: mysql
    host: 127.0.0.1
    port: 3306
    user: backup_user
    password_env: MYSQL_BACKUP_PASS
    database: wordpress
    extra_opts: "--single-transaction --quick"
    enabled: true

OpsVault passes the MySQL password via a temporary ~/.my.cnf file (mode 0600) to avoid exposing it on the command line.

PostgreSQL example

databases:
  - name: analytics_pg
    type: postgres
    host: 10.0.0.5
    port: 5432
    user: backup_user
    password_env: PG_BACKUP_PASS
    database: analytics
    extra_opts: "--no-owner --no-acl"
    enabled: true

PostgreSQL password is passed via the PGPASSWORD environment variable injected into the pg_dump subprocess.

Multiple databases

databases:
  - name: app_db
    type: postgres
    host: 127.0.0.1
    user: pg_backup
    password_env: PG_PASS
    database: app_production
    enabled: true

  - name: legacy_mysql
    type: mysql
    host: 127.0.0.1
    user: backup
    password_env: MYSQL_PASS
    database: legacy_app
    enabled: true

  - name: staging_db
    type: postgres
    host: 127.0.0.1
    user: pg_backup
    password_env: PG_PASS
    database: app_staging
    enabled: false             # skipped — won't be backed up

Backup file naming

Each backup is saved as:

{name}_{YYYYMMDD}_{HHMMSS}.sql.gz

For example: app_db_20240115_020001.sql.gz

Extra options

The extra_opts field is passed verbatim to mysqldump or pg_dump. Common options:

OptionEffect
--no-ownerDon't output commands to set ownership
--no-aclDon't output access privilege commands
--schema=publicDump only the public schema
--exclude-table=logsSkip a specific table
OptionEffect
--single-transactionConsistent snapshot without locking (InnoDB)
--quickRetrieve rows one at a time (large tables)
--ignore-table=db.logsSkip a specific table
--no-dataSchema only, no rows

Configuration

Overview of the OpsVault configuration file.

Storage

Upload backups to remote storage via rclone.

On this page

FieldsPassword via environment variableMySQL examplePostgreSQL exampleMultiple databasesBackup file namingExtra options