Skip to content

License Python 3.13 Ruff Tests Type check Dev build Release build Update of db versions

Ogion

A tool for performing scheduled database backups and transferring encrypted data to secure public clouds, for home labs, hobby projects, etc., in environments such as k8s, docker, vms.

Backups are in age format using age, with strong encryption under the hood. Why age? it's modern replacement for GnuPG, available for most architectures and systems.

This project is more or less well tested cron-like runtime with predefined supported providers and backup targets (see below) with sensible defaults for backup commands. It has rich integration tests using providers container replacements: fake gcs, azurite, minio. Goal was to make 100% sure it will work in the wild.

Starting from version 8.0, lzip compression is used before encryption step. While mixing compression with encryption can be dangerous in some scenarios, lzip is used here, because it operates on fixed-size blocks, making it resistant to compression side-channel attacks.

Documentation

Alternatives

There are better tools for bigger databases like pgBackRest - Reliable PostgreSQL Backup & Restore.

Supported backup targets

Supported upload providers

  • Google Cloud Storage bucket
  • S3 storage compatibile bucket (AWS, Minio)
  • Azure Blob Storage
  • Debug (local)

Notifications

  • Discord
  • Email (SMTP)
  • Slack

Deployment strategies

Using docker image: rafsaf/ogion:latest, see all tags on dockerhub

  • docker (docker compose) container
  • kubernetes deployment

Architectures

  • linux/amd64
  • linux/arm64

Example

Everyday 5am backup of PostgreSQL database defined in the same file and running in docker container.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# docker-compose.yml

services:
  db:
    image: postgres:17
    environment:
      - POSTGRES_PASSWORD=pwd
  ogion:
    image: rafsaf/ogion:latest
    environment:
      - POSTGRESQL_DB_README=host=db password=pwd cron_rule=0 0 5 * * port=5432
      - AGE_RECIPIENTS=age1q5g88krfjgty48thtctz22h5ja85grufdm0jly3wll6pr9f30qsszmxzm2
      - BACKUP_PROVIDER=name=debug

(NOTE this will use provider debug that store backups locally in the container).

Real world usage

The author actively uses ogion (with GCS) for one production project plemiona-planer.pl postgres database (both PRD and STG) and for bunch of homelab projects including self hosted Firefly III mariadb, Grafana postgres, KeyCloak postgres, Nextcloud postgres and configuration file, Minecraft server files, and two other postgres dbs for some demo projects.

See how it looks for ~2GB size database:

ogion_gcp_example_twp-min.jpg