App Backups - Vaultwarden

Hi

I am using an SSD on my Truenas setup for IX Applications. Here I have also created an encrypted dataset for my vaultwarden installation.

I would like to know what is the best way to backup Vaultwarden in particular? I have not found a good answer for this online. I am thinking that maybe duplicating the whole dataset to local storage and encrypt a copy to cloud storage. But, then I have no idea how to restore from these backups.

Can anyone shine some light on this? :slight_smile:

Vaultearden stores all persistent data inside the ./data folder I believe (check the docs for this) I would mount that using a host volume, then back up that dataset using replication to another server.

Sorry for late reply.

I read that also in the Vaultwarden docs, but, could not locat a /data folder in the current installation.

I have opted to export the fault as encrypted .json for the time being and keep that in safe place as backup. Not ideal, but will do.

For me, everything Is in the /data folder, like docs mention (i migrate from jail to docker compose with the same path).
Same docs mention too

By default, vaultwarden stores all of its data under a directory called data (in the same directory as the vaultwarden executable)

And provide the strutture of the folder

data
├── attachments # Each attachment is stored as a separate file under this dir.
│ └── # (The attachments dir won’t be present if no attachments have been created.)
│ └── <random_id>
├── config.json # Stores admin page config; only exists if the admin page has been enabled before.
├── db.sqlite3 # Main SQLite database file.
├── db.sqlite3-shm # SQLite shared memory file (not always present).
├── db.sqlite3-wal # SQLite write-ahead log file (not always present).
├── icon_cache # Site icons (favicons) are cached under this dir.
│ ├── .png
│ ├── example.com.png
│ ├── example.net.png
│ └── example.org.png
├── rsa_key.der # rsa_key.* files are used to sign authentication tokens.
├── rsa_key.pem
├── rsa_key.pub.der
└── sends # Each Send attachment is stored as a separate file under this dir.
└── # (The sends dir won’t be present if no Send attachments have been created.)
└── <random_id>

so it would appear that indeed this folder Is named differently in your case, but the structure should be the same (if you run SQL lite).
Can you find a folder with this structure path in your installation?

I also see that in some image the /data folder Is named /vw-data.

Hope this helps

Hi,

this is what I have in the dataset where the entire configuration of Vaultwarden has been set up to store data:

-rwxrwx— 1 netdata docker 3 Sep 27 21:03 PG_VERSION
drwxrwx— 2 apps docker 2 Sep 27 21:04 attachments
drwxrwx— 6 netdata docker 6 Sep 27 21:03 base
drwxrwx— 2 netdata docker 63 Oct 9 22:03 global
drwxrwx— 2 apps docker 210 Oct 9 22:04 icon_cache
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_commit_ts
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_dynshmem
-rw------- 1 netdata docker 4821 Sep 27 21:03 pg_hba.conf
-rw------- 1 netdata docker 1636 Sep 27 21:03 pg_ident.conf
drwxrwx— 4 netdata docker 5 Oct 10 07:27 pg_logical
drwxrwx— 4 netdata docker 4 Sep 27 21:03 pg_multixact
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_notify
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_replslot
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_serial
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_snapshots
drwxrwx— 2 netdata docker 2 Oct 9 22:02 pg_stat
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_stat_tmp
drwxrwx— 2 netdata docker 3 Sep 27 21:03 pg_subtrans
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_tblspc
drwxrwx— 2 netdata docker 2 Sep 27 21:03 pg_twophase
drwxrwx— 3 netdata docker 5 Oct 1 14:07 pg_wal
drwxrwx— 2 netdata docker 3 Sep 27 21:03 pg_xact
-rw------- 1 netdata docker 88 Sep 27 21:03 postgresql.auto.conf
-rw------- 1 netdata docker 29541 Sep 27 21:03 postgresql.conf
-rwxrwx— 1 netdata docker 36 Oct 9 22:02 postmaster.opts
-rwxrwx— 1 netdata docker 94 Oct 9 22:02 postmaster.pid
-rwxrwx— 1 apps docker 1675 Sep 27 21:04 rsa_key.pem
drwxrwx— 2 apps docker 2 Sep 27 21:04 sends
drwxrwx— 2 apps docker 2 Sep 27 21:04 tmp
-rwxrwx— 1 netdata docker 367057 Oct 7 15:05 vaultwarden_2024-10-07_15-05-12.sql

For the time being I have create a replication task for this directory to my main storage mirror.

Is not so “readable” but seems conciding with the data folder structure, except i didn’t see a config json file. You are using postgree sql so is legit that the data structure i posted above is quite different.

Exactly what i do, and (already done) it works as a full backup as well.
But i’m using sqllite (for my small usage is more than enough), should work with postgree too but for be 100% sure i will try to simulate e restore cloning the dataset in another one and switching (or create another same app with the new dataset)

1 Like

Yea sorry, did not have an option to provide a better paste right now :smiley:

Ill just stick with the replication task for the time being, and, run a test also. I think Ill change the storage locations within the app to use the ones stored on my mirror. If all works then good.

I also have a secret backup of a .json encrypted exported via the Vaultwarden interface. (If all goes to …)

Btw. Is there much difference in terms of required resources between these two.? sqlite would be more than enough for my miniscule data heap. Just stuck with postgree out of the box.

Include into triple ` :wink: (usefull discourse guide)

-rwxrwx— 1 netdata docker 3 Sep 27 21:03 PG_VERSION
drwxrwx— 2 apps docker 2 Sep 27 21:04 attachments
drwxrwx— 6 netdata docker 6 Sep 27 21:03 base
...

works great

Honestly, don’t know how exactly can impact that in resource terms, and if have sense “downgrade”.
If you want i can share with you that my VW container use less than 50mb of ram in “idle” and 60~65 mb during access. Cpu usage is so small that is hard to estimate :rofl:
Probably using SQLlite than Postgree is way better in small scenario where you can’t simply “replicate a dataset”, so you need to backup/dump properly db too (same for Mariadb).