Hermes Backup

Universal backup and restore for AI agent platforms. Works with Hermes Agent and OpenClaw.

What Makes This Different

• - Multi-platform — Works with both Hermes (~/.hermes/) and OpenClaw (~/.openclaw/)
• Optional encryption — Password-protect your backups (AES-256)
• Optional cloud — Set up S3, Google Drive, or Dropbox if you want off-site storage
• Flexible backups — Full or incremental, your choice
• Smart retention — Keep last N backups, or N days, or max N GB
• Integrity checking — Verify backups before trusting them
• Web UI — Browser-based management with progress bars

Installation

CODEBLOCK0

Quick Start

CODEBLOCK1

Commands

Command	Description
INLINECODE2	Create backup (full or incremental)
INLINECODE3

Restore from backup | | hermes-backup serve | Start web UI | | hermes-backup config | Interactive configuration | | hermes-backup cloud setup | Configure cloud storage | | hermes-backup list | Show all backups | | hermes-backup verify <file> | Check backup integrity | | hermes-backup schedule | Set up automatic backups |

What Gets Backed Up

Hermes Agent Structure

Component	Path	Contents
Config	INLINECODE10	All settings, API keys
Environment

~/.hermes/.env | API keys, secrets |

| Identity | ~/.hermes/SOUL.md | Agent personality | | Memory | ~/.hermes/memories/ | Long-term memories | | Sessions | ~/.hermes/sessions/ | Conversation history | | Skills | ~/.hermes/skills/ | Installed skills | | State | ~/.hermes/state.db | Database | | Workspace | ~/.openclaw/workspace/ | Cross-platform workspace |

OpenClaw Structure

Component	Path	Contents
Config	INLINECODE18	Gateway, models, channels
Workspace

~/.openclaw/workspace/ | Agent files, skills |

| Credentials | ~/.openclaw/credentials/ | Channel pairing state | | Sessions | ~/.openclaw/agents/main/sessions/ | Chat history | | Skills | ~/.openclaw/skills/ | System skills | | Cron | ~/.openclaw/cron/ | Scheduled jobs |

Configuration

Interactive Setup

CODEBLOCK2

This walks you through:

1. 1. Platform detection — Hermes or OpenClaw (auto-detected)
2. Backup location — Where to save archives
3. Encryption — Enable password protection? (optional)
4. Backup type — Full or incremental?
5. Retention — How many backups to keep?
6. Cloud — Set up cloud storage? (optional)

Config File (~/.hermes-backup/config.yaml)

CODEBLOCK3

Creating Backups

Full Backup (Default)

CODEBLOCK4

Incremental Backup

CODEBLOCK5

Encrypted Backup

CODEBLOCK6

⚠️ Warning: If you lose the encryption password, the backup is unrecoverable. Store it in a password manager.

With Cloud Upload

CODEBLOCK7

Restoring Backups

Standard Restore

CODEBLOCK8

Encrypted Restore

CODEBLOCK9

Selective Restore

CODEBLOCK10

Cloud Storage Setup

Amazon S3

CODEBLOCK11

Google Drive

CODEBLOCK12

Dropbox

CODEBLOCK13

Testing Cloud Connection

CODEBLOCK14

Scheduling Automatic Backups

Via Cron

CODEBLOCK15

Manual Cron Entry

CODEBLOCK16

Web UI

CODEBLOCK17

Integrity Verification

CODEBLOCK18

Listing Backups

CODEBLOCK19

Migration Between Platforms

Hermes → OpenClaw

CODEBLOCK20

OpenClaw → Hermes

Same process, reverse direction.

Security Considerations

Backup Archive Contents

Backups contain highly sensitive data:

• - API keys (OpenAI, Anthropic, ElevenLabs, etc.)
• Bot tokens (Telegram, Discord, etc.)
• Session data
• Personal memories/conversations

Security Best Practices

1. 1. File Permissions

- Backups created with chmod 600 (owner only) - Never chmod 777 a backup

1. 2. Storage

- Keep local backups in encrypted disk/VeraCrypt - Cloud backups: use provider encryption at rest - Never commit backups to git

1. 3. Transmission

- Use scp/sftp, not email - Cloud uploads use HTTPS - Web UI uses token authentication

1. 4. Encryption Password

- Use a password manager (1Password, Bitwarden) - Minimum 12 characters - Mix of uppercase, lowercase, numbers, symbols - Never reuse passwords

1. 5. Rotation

- Old backups may contain old API keys - Rotate API keys periodically - Delete backups older than needed

Troubleshooting

"Permission denied" on backup

CODEBLOCK21

"Backup is corrupted"

CODEBLOCK22

"Cloud upload failed"

CODEBLOCK23

Restore fails halfway

CODEBLOCK24

Scripts Reference

scripts/backup.sh

Main backup script. Creates .tar.gz archive with MANIFEST.json.

scripts/restore.sh

Restores from archive. Always dry-runs first. Creates pre-restore backup.

scripts/serve.sh

Starts web UI server. Requires --token for security.

scripts/verify.sh

Verifies backup integrity using checksums.

scripts/cloud-upload.sh

Uploads backup to configured cloud storage.

scripts/config.sh

Interactive configuration wizard.

Version History

v1.0.0

• - Initial release
• Multi-platform support (Hermes + OpenClaw)
• Full and incremental backups
• Optional encryption (AES-256)
• Optional cloud storage (S3, Google Drive, Dropbox)
• Web UI for browser-based management
• Integrity verification
• Flexible retention policies
• Migration support between platforms

License

MIT-0 — Free to use, modify, and redistribute. No attribution required.

---

Built for the MyClaw.ai ecosystem — the open AI personal assistant platform.