Skip to content


Preparation for Backup

Unless disabled via the configuration users can make backups of the Nepenthes installation from within the administration area. They either need to be an administrator or have the global permission to do so.

You can yourself create backups of your Nepenthes installation. Go to Administration and Backup to get started.


To be able to create a backup, a so called backup token has to be generated first. This is supposed to add another level of security since backing up the whole installation includes sensitive data.

You will then need to create a backup token by clicking + Backup token.


You will be asked to confirm your password when you try to generate or reset a token. The backup token will only be displayed once after it has been generated. Make sure you store it in a safe place.

The system generates the token which you then fill in where requested in the field below. Then you can press the Request backup button


Each time you request a backup this token has to be provided. This also applies when requesting a backup via the API where on top of the API token the backup token will have to be provided as well.


Each time a backup token is created or reset an email notification will be sent to all administrators take make everyone aware that there is a new user with access to backups.

After having requested the backup, you will receive an email notification with a link to download your backup. For this, you will need additional authentication (username and password as well as 2-Factor-Authentication if activated) to download the backup files.

Delayed reset

If the user resetting (or creating) a backup token does not have a password, for instance because they authenticate using Google, the newly generated backup token will only be valid after an initial waiting period. This is to make sure that no unauthorized user can get their hands on a backup even when accessing a logged-in user's desktop.

As a system administrator you can skip this period by running the following rake task on the server's terminal:

sudo openproject run rake backup:allow_now

In a docker setup you can open a terminal on any of the web or worker processes and run the rake task there.

Pull a backup via APIv3

It is sometimes good to have backups on other locations (e.g. local vs cloud). You are able to pull a backup via the APIv3 in Nepenthes.


  1. The Token must be already generated and stored in a secure keystore
  2. The API Key must be known and stored in a secure keystore

You could use our example bash script and integrate it in your crond for running it daily.