← Back to Skills Marketplace
ugvfpdcuwfnh

Docker Volume Backup Or Restore

by HongWei Jiang · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
36
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install docker-volume-backup-or-restore
Description
Robust Docker volume migration and backup using per-volume encrypted archives and registry-based transport. Supports dry-runs, container exclusion, and safe...
README (SKILL.md)

Docker Volume Backup Or Restore (v2.0)

Overview

This skill provides a secure, registry-backed workflow for migrating or backing up Docker volumes. Version 2.0 introduces a per-volume encryption architecture, creating separate encrypted archives for each volume. This improves reliability for large volume sets and eliminates path-parsing ambiguities during restoration.

Key features:

  • Zero-Trust Restore: Files are copied out of the backup image using docker cp. The backup image's code is never executed.
  • Per-Volume Encryption: Each volume is encrypted separately with AES-256-CBC (PBKDF2).
  • Container Safety: Automatically stops containers to ensure data consistency, with an --exclude-stop flag for critical infrastructure (like proxies or AI providers).
  • Registry Transport: Uses standard Docker registries as storage, making it easy to move data between any Docker-enabled hosts.
  • Dry-Run Support: Preview actions before stopping containers or pushing data.

Workflow

1. Prerequisites

  1. Docker: Must be installed and running.
  2. Registry Login: Ensure you are logged in to your target registry (e.g., docker login).
  3. Helper Image: The script uses a pinned alpine image for crypto operations. It must be pre-pulled for safety.

2. Backup Mode

Creates encrypted archives of all local volumes and pushes them as a single multi-layer image.

# Basic backup (auto-derives image name from hostname)
bash docker_volume_backup_or_restore.sh --backup --encrypt-password 'your-password'

# Backup with specific image and excluded containers
bash docker_volume_backup_or_restore.sh --backup-image user/repo:tag --encrypt-password 'pass' --exclude-stop proxy,db

What happens:

  1. Identifies all local volumes and running containers.
  2. Stops containers (except those in --exclude-stop).
  3. Mounts volumes into a trusted Alpine container.
  4. New in v2.0: Packages and encrypts each volume into its own .tar.gz.enc file.
  5. Builds a scratch-based image containing only these encrypted archives.
  6. Pushes the image to the registry.
  7. Restarts the stopped containers.

3. Restore Mode

Pulls a backup image and restores volumes to the local host.

bash docker_volume_backup_or_restore.sh --restore user/repo:tag --encrypt-password 'your-password'

What happens:

  1. Pulls the backup image.
  2. Creates a temporary container to docker cp the archives out (safely).
  3. Discovers volume names from the archive filenames.
  4. Creates missing local volumes.
  5. For each volume: decrypts the archive and copies data into the volume using a trusted helper.

Arguments

  • --backup [IMAGE]: Start backup mode. Optional IMAGE override.
  • --backup-image IMAGE: Explicit backup image reference.
  • --restore IMAGE: Start restore mode using the specified image.
  • --encrypt-password PASS: Required. Password for AES-256 encryption/decryption.
  • --exclude-stop LIST: Comma-separated list of containers to keep running during backup.
  • --dry-run: Show planned actions without executing them.

Safety and Tradeoffs

  • Encryption: Uses openssl AES-256-CBC with PBKDF2. Passwords are never stored in the image.
  • Data Integrity: Stopping containers is highly recommended to prevent partial writes.
  • Storage: Large volumes will result in large images. Ensure your registry has sufficient quota and bandwidth.
  • Overwrites: Restore mode will overwrite existing data if a volume with the same name already exists.
Usage Guidance
Review the script before use, pre-test with `--dry-run`, specify an explicit private registry image, and avoid running it on shared hosts. Consider replacing the runtime `apk add` step with a reviewed helper image that already includes pinned tools before using it for sensitive Docker volumes.
Capability Analysis
Type: OpenClaw Skill Name: docker-volume-backup-or-restore Version: 2.0.0 The skill provides a utility for backing up and restoring Docker volumes using encrypted archives pushed to a Docker registry. It implements several security best practices, including AES-256-CBC encryption with PBKDF2, the use of a pinned Alpine helper image by digest (alpine@sha256:48b030...), and a 'Zero-Trust' restore mechanism that extracts data via 'docker cp' to avoid executing untrusted code from backup images. The script (docker_volume_backup_or_restore.sh) and documentation (SKILL.md) are transparent about their operations, including stopping containers for data consistency and requiring explicit user-provided passwords.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The skill’s Docker-volume backup and restore behavior matches its stated purpose, but it intentionally handles all local Docker volumes, pushes encrypted backups to a registry, and can overwrite restored volume data.
Instruction Scope
The instructions disclose stopping containers, pushing backup images, dry-run support, and restore overwrite risk; users should still treat backup and restore commands as high-impact operations.
Install Mechanism
Although the documentation emphasizes a fixed-digest, pre-pulled helper image, the script runs an automatic `apk add --no-cache openssl tar` inside that helper container, introducing unpinned runtime package provenance.
Credentials
Docker daemon access, registry authentication, container stopping, image push/pull, and volume creation are powerful but generally proportional to Docker volume migration.
Persistence & Privilege
The skill creates persistent registry images and local Docker volume changes; this is disclosed, but users should confirm image destinations and restore targets before running.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install docker-volume-backup-or-restore
  3. After installation, invoke the skill by name or use /docker-volume-backup-or-restore
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Version 2.0.0 — Major update with per-volume encryption and safer workflows - Encrypts and stores each Docker volume as a separate AES-256-CBC (PBKDF2) archive in the backup image. - Ensures secure "zero-trust" restores: restores never execute code from the backup image, only copying files out via `docker cp`. - Adds `--dry-run` mode to preview actions before performing backup or restore. - Improves backup consistency with optional exclusion of critical containers via `--exclude-stop`. - Updates argument handling: `--encrypt-password` is now required for all operations. - Images are now built from scratch to minimize attack surface and contain only encrypted data.
v1.0.0
Initial public release: backup/restore all Docker volumes via encrypted registry image; add --dry-run; auto default image naming; fix backup workdir/output conflict; support --exclude-stop for proxy containers; fix restore volume-name parsing for ./prefix tar paths.
Metadata
Slug docker-volume-backup-or-restore
Version 2.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Docker Volume Backup Or Restore?

Robust Docker volume migration and backup using per-volume encrypted archives and registry-based transport. Supports dry-runs, container exclusion, and safe... It is an AI Agent Skill for Claude Code / OpenClaw, with 36 downloads so far.

How do I install Docker Volume Backup Or Restore?

Run "/install docker-volume-backup-or-restore" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Docker Volume Backup Or Restore free?

Yes, Docker Volume Backup Or Restore is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Docker Volume Backup Or Restore support?

Docker Volume Backup Or Restore is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Docker Volume Backup Or Restore?

It is built and maintained by HongWei Jiang (@ugvfpdcuwfnh); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments