Encrypted Snapshots
Every backup is encrypted by restic before it ever leaves your machine. AES-256 encryption with a password stored exclusively in macOS Keychain β never written to disk.
Plugin OpenClaw Ecosystem
Auto Backup
Encrypted, deduplicated, hands-off backups for your entire OpenClaw setup β powered by restic and rclone.
Overview
Auto Backup keeps your OpenClaw config, agent memory, session logs, and source code safe without you ever thinking about it. It pairs restic for encryption and deduplication with rclone for Google Drive transport β and your encryption password lives in macOS Keychain, never on disk.
2
Paths Backed Up
7
Daily Snapshots
4
Weekly Snapshots
0
Plaintext Secrets
Capabilities
Key Features
Six layers of reliability β from on-device encryption to cloud transport to scheduled execution.
Deduplication
restic's content-addressed storage means only changed chunks are uploaded. Incremental backups are fast and your Google Drive quota stays lean.
Google Drive Storage
Backups are transported to Google Drive via rclone OAuth. Your data lives in your own Drive folder β no third-party custody, no extra subscriptions.
macOS Keychain Security
The restic encryption password is generated once and stored in macOS Keychain under the service name openclaw-backup. It never touches a .env file or the filesystem.
Retention Policy
Keeps the last 7 daily and 4 weekly snapshots, then automatically prunes older ones after each run. You get history without runaway storage growth.
OpenClaw Cron Scheduling
Register the backup as an OpenClaw cron job (daily at 4 AM EST) and it runs hands-off β no crontab, no launchd, no manual triggers.
Architecture
How It Works
Backup Pipeline
Two source paths are passed to restic, which deduplicates and encrypts content
before handing off to rclone for upload. The entire pipeline runs in a single
./backup.sh invocation.
~/.openclaw/ ~2.9 GB Β· config, memory, logs, media ~/projects/ ~1.3 GB Β· source code, experiments β restic encrypt + dedup
rclone β Google Drive
Encrypted snapshot stored in your own Drive folder Excluded (never backed up)
node_modules/ .venv/ browser/ cache .git/objects
Restore Flow
Any snapshot can be restored to an arbitrary target path. You can restore the full tree, filter to a specific subdirectory, or do a dry-run first to confirm what would land where.
./backup.sh Incremental backup β fast, deduped ./backup.sh --dry-run Preview changes without uploading ./restore.sh --list Show all available snapshots ./restore.sh --target ~/restore Restore latest to a safe directory ./setup.sh One-click install: brew, Keychain, rclone OAuth Coverage
What Gets Protected
Every meaningful piece of your OpenClaw environment β from agent memory to cron jobs β covered in every snapshot.
Config & Workspace
Your entire ~/.openclaw/ directory: settings, plugin configs, and active workspace files (~2.9 GB).
Agent Memory
Persistent cross-session memory, shared entities, and long-term knowledge stored in ~/.openclaw/memory/.
Session Logs
Full conversation and tool-call logs from every session, preserved for audit and replay.
Media Files
Images, audio, and other media attached to agent sessions β kept alongside the logs that reference them.
Source Code
Your entire ~/projects/ directory (~1.3 GB) minus node_modules, .venv, and .git/objects (those are on GitHub).
Cron Jobs
OpenClaw cron schedules and task definitions are part of ~/.openclaw/ and are therefore included in every snapshot.
Coming Soon
Join the Waitlist
Be the first to know when this plugin launches.