ClawHosters
by Daniel Samer
5 min read
Someone ran openclaw doctor --fix during an upgrade and lost their entire agent config. API keys, messaging sessions, weeks of conversation history. Gone. That GitHub issue (#6477) got enough traction that the OpenClaw team built a native backup CLI into v2026.3.8.
Here's how to use it. And why you probably should.
What Actually Lives in Your OpenClaw Instance
Most people think backing up means saving a config file. It's more than that.
Your OpenClaw instance stores SOUL.md (your agent's personality), a SQLite database called gateway.db (every conversation, all accumulated memory), credentials for Telegram, WhatsApp, and any other connected channel, cron job definitions, installed skills, and MEMORY.md files your agent built over time.
Lose gateway.db and you lose months of context your agent learned. Lose your WhatsApp session keys and you're scanning a QR code again. Lose SOUL.md and your agent is a stranger.
The v2026.3.8 Backup CLI
OpenClaw v2026.3.8 shipped with two commands that make backups a first-class feature:
openclaw backup create packages your entire agent state into an AES-256 encrypted archive. Config, workspace, credentials, database, sessions. Everything.
openclaw backup verify checks that an existing archive is intact and can be restored.
There's also a --only-config flag for lightweight snapshots. Useful when you want to clone your agent's settings to a second instance without carrying over conversation history.
One thing worth knowing: the backup CLI doesn't call an LLM. It's a pure file operation. That means you can run it hourly via cron and it costs nothing. Compare that to the old approach where agent-invoked backup crons could burn through $14 per day in API calls.
Three Backup Strategies
Pick the one that matches your risk tolerance. Or combine them.
Manual before updates. Stop the gateway, run openclaw backup create, verify the archive, then upgrade. If the upgrade breaks something, you roll back. This is the bare minimum every self-hoster should do. LumaDock's upgrade guide walks through this in detail.
Automated daily cron. Set a cron job that runs openclaw backup create once a day to local storage. Keep 30 days of archives and rotate the oldest out. The ClawTank migration guide recommends this as the foundation for any backup strategy.
Remote cloud storage. Use rclone to sync your backup directory to S3, Backblaze B2, or any object storage provider. This protects you when the entire server dies, not just when an upgrade goes wrong. Weekly remote sync with 90-day retention is a solid starting point.
Security: Your Backups Contain Secrets
This part matters more than most people realize.
The OpenClaw security docs are blunt about it: "Assume anything under ~/.openclaw/ may contain secrets or private data." Your backup archive contains API keys, OAuth tokens, and WhatsApp cryptographic session keys. All in cleartext inside the archive.
Encrypt at rest. Restrict file permissions. Don't upload unencrypted archives to shared storage. And if a backup archive ever gets exposed, rotate every token and API key immediately.
Restore and Migration
Restore is the reverse of backup. Extract the archive to your OpenClaw directory, verify file permissions, restart the gateway.
For server migration, the flow looks like this: create a backup on the old server, transfer the archive to the new one (scp, rsync, whatever you prefer), extract, and start the gateway. Telegram sessions restore cleanly because they're just a bot token. WhatsApp is trickier. Sessions transfer in most cases, but be ready to re-scan a QR code.
Third-Party Tools
Two community options worth knowing about.
Keep My Claw offers managed encrypted cloud backup for $5/month. Zero-knowledge encryption, 30 snapshots per agent, up to 100 agents. It handles the cron, the storage, and the encryption. You just install and forget.
LeoYeAI/openclaw-backup is open-source and free. Its headline feature is zero re-pair migration, meaning channels like WhatsApp auto-reconnect after restore without needing a new QR scan. Worth a look if you're moving between servers regularly.
What ClawHosters Handles for You
If you're on ClawHosters, the backup story is different. The platform runs your agent on managed infrastructure with automatic daily snapshots at the VPS level. No CLI commands, no cron jobs, no S3 buckets to configure.
Need to restore? One click from your dashboard. The snapshot captures everything, including your agent state, gateway database, and messaging sessions.
Self-hosting means owning your backup strategy. Managed hosting means it's handled. That's probably the biggest practical difference between running OpenClaw yourself versus using a managed platform.
