Skip to content
/ tergum Public

Tergum is simple tool provides centralized backup solution with multiple sources (databases, files, S3, ...) and multiple backup storages (S3, filesystem, ...)

49 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sikalabs/tergum

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

552 Commits
.github
.github
 
 
_images
_images
 
 
backup
backup
 
 
backup_log
backup_log
 
 
backup_output
backup_output
 
 
backup_process
backup_process
 
 
backup_process_utils
backup_process_utils
 
 
cloud
cloud
 
 
cmd
cmd
 
 
config
config
 
 
do_backup
do_backup
 
 
examples/config
examples/config
 
 
misc
misc
 
 
notification
notification
 
 
server
server
 
 
telemetry
telemetry
 
 
utils
utils
 
 
version
version
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
CLAUDE.md
CLAUDE.md
 
 
Dockerfile.goreleaser
Dockerfile.goreleaser
 
 
Dockerfile.goreleaser.arm64v8
Dockerfile.goreleaser.arm64v8
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
install.sh
install.sh
 
 
main.go
main.go
 
 

Repository files navigation

Tergum

Tergum: Universal Backup Tool

SikaLabs SikaLabs SikaLabs

Why Tergum?

Tergum is simple tool provides centralized backup solution with multiple sources (databases, files, S3, ...) and multiple backup storages (S3, filesystem, ...). Tergum has native backup monitoring and alerts you when backup fails. Tergum also support backup encryption, compression and automatic recovery testing.

Tergum is under active development, not all features are already implemented. Check current project state

Do you want to start using Tergum? Give us a call

Let's discuss Tergum in your project in 30 min call

What "Tergum" means?

Tergum means backup in latin.

Tergum Cloud: Bring Your Backups into Cloud

Tergum Cloud allow you to manage your backup using UI & Terraform and store your backups securely in our AWS.

Are you interested in our public beta? Drop us email [email protected]

Tergum Enterprise: Use Tergum Cloud in Your Private Infrastructure

Tergum Enterprise brings our cloud platform behind your filewall. For an inquiry, contact our sales [email protected]

Install

Install using Brew:

brew install sikalabs/tap/tergum

On Linux (amd64):

curl -fsSL https://raw.githubusercontent.com/sikalabs/tergum/master/install.sh | sudo sh

Using scoop on Windows:

scoop install https://raw.githubusercontent.com/sikalabs/scoop-bucket/master/tergum.json

Autocomplete

See: tergum completion

Bash

source <(tergum completion bash)

CLI Usage

Generated CLI Docs on Github

See: https://github.com/sikalabs/tergum-cli-docs/blob/master/tergum.md#tergum

Generate CLI Docs

Generate Markdown CLI docs to ./cobra-docs

tergum generate-docs

Tergum Config File

Tergum supports only JSON config file, but we're working on YAML support.

Config file examples are in misc/example/config directory

Basic Config Structure

Meta:
  SchemaVersion: 3
Settings: <Settings>
Cloud: <Cloud>
Notification: <Notification>
Telemetry: <Telemetry>
Backups:
  - <Backup>
  - <Backup>
  - ...

Backup Block

ID: <UniqueBackupID>
Source:
  Mysql: <BackupSourceMysqlConfiguration>
  MysqlServer: <BackupSourceMysqlServerConfiguration>
  Postgres: <BackupSourcePostgresConfiguration>
  PostgresServer: <BackupSourcePostgresServerConfiguration>
  Mongo: <BackupSourceMongoConfiguration>
  SingleFile: <BackupSourceSingleFileConfiguration>
  Dir: <BackupSourceDirConfiguration>
  KubernetesTLSSecret: <BackupSourceKubernetesTLSSecret>
  Kubernetes: <BackupSourceKubernetes>
  Notion: <BackupSourceNotion>
  FTP: <BackupSourceFTP>
  Redis: <BackupSourceRedis>
  Vault: <BackupSourceVault>
  Dummy: <BackupSourceDummy>
  Gitlab: <BackupSourceGitlab>
  Consul: <BackupSourceConsul>
Middlewares:
  - <MiddlewareConfiguration>
  - ...
Destinations:
  - ID: <UniqueBackupDestinationID>
    Middlewares:
      - <MiddlewareConfiguration>
      - ...
    FilePath: <BackupDestinationFilePathConfiguration>
    File: <BackupDestinationFileConfiguration>
    S3: <BackupDestinationS3Configuration>
    AzureBlob: <BackupDestinationAzureBlobConfiguration>
    Telegram: <BackupDestinationTelegramConfiguration>
  - ...
SleepBefore: <sleep time befor backup job in seconds>

GzipMiddlewareConfiguration

Gzip: {}
SymmetricEncryption:
  Passphrase: "passphrase"

Example BackupSourceMysqlConfiguration Block

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
Database: "default"

With extra args

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
Database: "default"
MysqldumpExtraArgs:
  - --column-statistics=0

Example BackupSourceMysqlServerConfiguration Block

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"

With extra args

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
MysqldumpExtraArgs:
  - --column-statistics=0

Example BackupSourcePostgresConfiguration Block

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"

With extra args

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"
PgdumpExtraArgs:
  - --ignore-version

With SSL mode

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"
SSLMode: "require"

Example BackupSourcePostgresServerConfiguration Block

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"

With extra args

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
PgdumpallExtraArgs:
  - --ignore-version

With SSL mode

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
SSLMode: "require"

Example BackupSourceMongoConfiguration Block

Dump all dbs & no auth

Host: "127.0.0.1"
Port: "27017"

Dump all dbs with auth

Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"

Dump single db with auth

Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
Database: "test"

Dump single db with auth and custom Authentication Database

Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
AuthenticationDatabase: "test" # default is admin
Database: "test"

Example BackupSourceKubernetesTLSSecret Block

Backup all TLS secrets

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default

Backup single TLS secret

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
SecretName: tls-example-com

Example BackupSourceKubernetes Block

Backup all resources (pods)

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Resource: pod

Backup single resource (hello-world pod)

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Resource: pod
Name: hello-world

Example BackupSourceSingleFileConfiguration Block

Path: /data/export/dump.sql

Example BackupSourceDirConfiguration Block

Path: /data
Excludes:
  - /data/tmp

Example BackupSourceNotion Block

Token: <Notion token_v2>
SpaceID: <Notion Space UID>
Format: <Fotmat of export ("html" or "markdown")>

Example BackupSourceFTP Block

Host: <FTP host>
User: <FTP user>
Password: <FTP password>

Example BackupSourceRedis Block

Host: <host>
Port: <port>

Example BackupSourceVault Block

Addr: <vault address>
Token: <vault token>
Headers: <map[string]string of headers, optional>

example with cloudflare access headers

Addr: https://vault.corp.com
Token: s.1234567890
Headers:
  CF-Access-Client-ID: xxx1234567890
  CF-Access-Client-Secret: xxx123456789

Example BackupSourceDummy Block

Content: <backup content>

Example BackupSourceGitlab Block

NamePrefix: <prefix Gitlab backup file in /var/opt/gitlab/backups>
Skip: <skip (for example registry)>

Example BackupSourceConsul Block

Addr: <host>
Token: <token>

Example without ACL

Addr: http://127.0.0.1:8500

Example with ACL requires token

Addr: http://127.0.0.1:8500
Token: 51047cd1-c243-a969-2bf1-a845405e4da9

Example BackupDestinationFilePathConfiguration Block

Path: "/backup/mysql-default.sql"

Example BackupDestinationFileConfiguration Block

Dir: "/backup/"
Prefix: "mysql-default"
Suffix: "sql"

Example BackupDestinationS3Configuration Block

AWS:

AccessKey: "admin"
SecretKey: "asdfasdf"
Endpoint: "https://minio.example.com"
BucketName: "tergum-backups"
Prefix: "mysql-default"
Suffix: "sql"

Minio:

accessKey: "aws_access_key_id"
secretKey: "aws_secret_access_key"
region: "eu-central-1"
bucketName: "tergum-backups"
prefix: "mysql-default"
suffix: "sql"

Minio with 3 retries:

You can set UploadRetries (default is 0) to retry upload in case of error.

accessKey: "aws_access_key_id"
secretKey: "aws_secret_access_key"
region: "eu-central-1"
bucketName: "tergum-backups"
prefix: "mysql-default"
suffix: "sql"
UploadRetries: 3

Example BackupDestinationAzureBlobConfiguration Block

AccountName: account_name
AccountKey: account_key
ContainerName: container_name
Prefix: "mysql-default"
Suffix: "sql"

Example BackupDestinationTelegramConfiguration Block

BotToken: "123456789:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"
ChatID: -123456789
FileName: "backup.sql"

example

Notification Block

Backends: {
  Email:  <NotificationBackendEmail>
Target:
  - <NotificationTarget>
  - <NotificationTarget>
  - ...

Example NotificationBackendEmail Block

SmtpHost: "mail.example.com"
SmtpPort: "25"
Usename: "aaa"
Password: "aaa/bbb"
From: "[email protected]"

NotificationTarget Block

Email: <NotificationEmailTarget>
SlackWebhook: <NotificationSlackWebhookTarget>
Telegram: <NotificationTelegramTarget>

Example NotificationEmailTarget Block

Emails:
  - [email protected]
  - [email protected]
SendOK: false
  • SendOK=true will send email notification for all tergum runs (failed & OK runs)

Example NotificationSlackWebhookTarget Block

URLs:
  - https://hooks.slack.com/services/xxx/yyy/zzz
SendOK: false
  • SendOK=true will send email notification for all tergum runs (failed & OK runs)

Example NotificationTelegramTarget Block

BotToken: "123456789:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"
ChatIDs: -123456789
SendOK: false

example

  • SendOK=true will send email notification for all tergum runs (failed & OK runs)

Cloud Block

Email: <email of tergum cloud account>

Settings Block

  • UseDoBackupV2 - use new backup processor (default is false)
  • ExtraName - extra name for backup file (for example "my-backup") - default is empty
Settings:
  UseDoBackupV2: true
  ExtraName: "my-backup"

Telemetry Block

  • Origin - origin of custom telemetry api
  • Disable - disable telemetry
  • Name - name of the instance in telemetry
  • CollectHostData - collect host data (hostname, os, arch, cpu, memory)
  • CollectBackupLog - collect backup log (backup log is sent to telemetry api)
Telemetry:
  Origin: "tergum-telemetry-api.corp.com"
  Disable: true
  Name: "my-tergum"
  CollectHostData: true
  CollectBackupLog: true

Tergum Utils

tergum utils cron

Simple cron scheduler in Tergum

tergum utils cron <cron-expression> <command> [args...]

Example usage:

tergum utils cron "0 0 * * *" -- tergum backup -c tergum.yml

Current Project State

Backup Sources

  • SingleFile
  • Files (Dir)
  • Postgres
  • PostgresServer
  • MySQL
  • MySQLServer
  • Oracle (Enterprise)
  • S3
  • Ceph RBD
  • CephFS
  • MongoDB
  • Gitlab
  • Proxmox
  • Kubernetes Resource
    • Kubernetes TLS Secret
  • Container Image
  • Redis
  • Notion
  • FTP Server (for old school hostings)
  • Hashicorp Vault
  • Hashicorp Consul
  • Dummy (for testing)

Passwords Sources

  • YAML
  • Environment Variables
  • Hashicorp Vault
  • AWS Secrets Manager
  • Azure Key Vault

Backup Processors

  • GZIP Compression
  • Symmetric Encryption
  • AsymmetricEncryption
  • GPG Encryption
  • GPG Signatures

Backup Storage

  • Files
  • S3
  • Tergum Cloud
  • Azure Blob
  • GCS (Google Cloud Storage)
  • Container Registry
  • Telegram

Notification

  • Email
  • Slack
  • Telegram
  • Microsoft Teams
  • Pagerduty

About

Tergum is simple tool provides centralized backup solution with multiple sources (databases, files, S3, ...) and multiple backup storages (S3, filesystem, ...)

Topics

mysql backup restore restore-database s3 backup-tool backup-database

Resources

Readme
Activity
Custom properties

Stars

49 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases 65

v0.42.0 Latest
Oct 4, 2025
+ 64 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages