Tergum is simple tool provides centralized backup solution with multiple sources (databases, files, S3, ...) and multiple backup storages (S3, filesystem, ...). Tergum has native backup monitoring and alerts you when backup fails. Tergum also support backup encryption, compression and automatic recovery testing.
Tergum is under active development, not all features are already implemented. Check current project state
Let's discuss Tergum in your project in 30 min call
Tergum means backup in latin.
Tergum Cloud allow you to manage your backup using UI & Terraform and store your backups securely in our AWS.
Are you interested in our public beta? Drop us email [email protected]
Tergum Enterprise brings our cloud platform behind your filewall. For an inquiry, contact our sales [email protected]
Install using Brew:
brew install sikalabs/tap/tergum
See: tergum completion
source <(tergum completion bash)
See: https://github.com/sikalabs/tergum-cli-docs/blob/master/tergum.md#tergum
Generate Markdown CLI docs to ./cobra-docs
tergum generate-docs
Tergum supports only JSON config file, but we're working on YAML support.
Config file examples are in misc/example/config directory
Meta:
SchemaVersion: 3
Cloud: <Cloud>
Notification: <Notification>
Backups:
- <Backup>
- <Backup>
- ...
ID: <UniqueBackupID>
Source:
Mysql: <BackupSourceMysqlConfiguration>
MysqlServer: <BackupSourceMysqlServerConfiguration>
Postgres: <BackupSourcePostgresConfiguration>
PostgresServer: <BackupSourcePostgresServerConfiguration>
Mongo: <BackupSourceMongoConfiguration>
SingleFile: <BackupSourceSingleFileConfiguration>
Dir: <BackupSourceDirConfiguration>
KubernetesTLSSecret: <BackupSourceKubernetesTLSSecret>
Kubernetes: <BackupSourceKubernetes>
Notion: <BackupSourceNotion>
FTP: <BackupSourceFTP>
Redis: <BackupSourceRedis>
Vault: <BackupSourceVault>
Dummy: <BackupSourceDummy>
Gitlab: <BackupSourceGitlab>
Consul: <BackupSourceConsul>
Middlewares:
- <MiddlewareConfiguration>
- ...
Destinations:
- ID: <UniqueBackupDestinationID>
Middlewares:
- <MiddlewareConfiguration>
- ...
FilePath: <BackupDestinationFilePathConfiguration>
File: <BackupDestinationFileConfiguration>
S3: <BackupDestinationS3Configuration>
AzureBlob: <BackupDestinationAzureBlobConfiguration>
- ...
SleepBefore: <sleep time befor backup job in seconds>
Gzip: {}
SymmetricEncryption:
Passphrase: "passphrase"
Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
Database: "default"
With extra args
Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
Database: "default"
MysqldumpExtraArgs:
- --column-statistics=0
Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
With extra args
Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
MysqldumpExtraArgs:
- --column-statistics=0
Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"
With extra args
Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"
PgdumpExtraArgs:
- --ignore-version
Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
With extra args
Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
PgdumpallExtraArgs:
- --ignore-version
Dump all dbs & no auth
Host: "127.0.0.1"
Port: "27017"
Dump all dbs with auth
Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
Dump single db with auth
Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
Database: "test"
Dump single db with auth and custom Authentication Database
Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
AuthenticationDatabase: "test" # default is admin
Database: "test"
Backup all TLS secrets
Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Backup single TLS secret
Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
SecretName: tls-example-com
Backup all resources (pods)
Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Resource: pod
Backup single resource (hello-world pod)
Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Resource: pod
Name: hello-world
Path: /data/export/dump.sql
Path: /data
Token: <Notion token_v2>
SpaceID: <Notion Space UID>
Format: <Fotmat of export ("html" or "markdown")>
Host: <FTP host>
User: <FTP user>
Password: <FTP password>
Host: <host>
Port: <port>
Addr: <vault address>
Token: <vault token>
Content: <backup content>
NamePrefix: <prefix Gitlab backup file in /var/opt/gitlab/backups>
Skip: <skip (for example registry)>
- Gitlab Docs about SKIP - https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html?tab=Linux+package+%28Omnibus%29#excluding-specific-data-from-the-backup
Addr: <host>
Token: <token>
Example without ACL
Addr: http://127.0.0.1:8500
Example with ACL requires token
Addr: http://127.0.0.1:8500
Token: 51047cd1-c243-a969-2bf1-a845405e4da9
Path: "/backup/mysql-default.sql"
Dir: "/backup/"
Prefix: "mysql-default"
Suffix: "sql"
AWS:
AccessKey: "admin"
SecretKey: "asdfasdf"
Endpoint: "https://minio.example.com"
BucketName: "tergum-backups"
Prefix: "mysql-default"
Suffix: "sql"
Minio:
accessKey: "aws_access_key_id"
secretKey: "aws_secret_access_key"
region: "eu-central-1"
bucketName: "tergum-backups"
prefix: "mysql-default"
suffix: "sql"
AccountName: account_name
AccountKey: account_key
ContainerName: container_name
Prefix: "mysql-default"
Suffix: "sql"
Backends: {
Email: <NotificationBackendEmail>
Target:
- <NotificationTarget>
- <NotificationTarget>
- ...
SmtpHost: "mail.example.com"
SmtpPort: "25"
Usename: "aaa"
Password: "aaa/bbb"
From: "[email protected]"
Email: <NotificationEmailTarget>
SlackWebhook: <NotificationSlackWebhookTarget>
Emails:
- [email protected]
- [email protected]
SendOK: false
SendOK=true
will send email notification for all tergum runs (failed & OK runs)
URLs:
- https://hooks.slack.com/services/xxx/yyy/zzz
SendOK: false
SendOK=true
will send email notification for all tergum runs (failed & OK runs)
Email: <email of tergum cloud account>
- SingleFile
- Files (Dir)
- Postgres
- PostgresServer
- MySQL
- MySQLServer
- Oracle (Enterprise)
- S3
- Ceph RBD
- CephFS
- MongoDB
- Gitlab
- Proxmox
- Kubernetes Resource
- Kubernetes TLS Secret
- Container Image
- Redis
- Notion
- FTP Server (for old school hostings)
- Hashicorp Vault
- Hashicorp Consul
- Dummy (for testing)
- YAML
- Environment Variables
- Hashicorp Vault
- AWS Secrets Manager
- Azure Key Vault
- GZIP Compression
- Symmetric Encryption
- AsymmetricEncryption
- GPG Encryption
- GPG Signatures
- Files
- S3
- Tergum Cloud
- Azure Blob
- GCS (Google Cloud Storage)
- Container Registry
- Slack
- Microsoft Teams
- Pagerduty