docs/cli/backup.md
openclaw backupCreate a local backup archive for OpenClaw state, config, auth profiles, channel/provider credentials, sessions, and optionally workspaces.
openclaw backup create
openclaw backup create --output ~/Backups
openclaw backup create --dry-run --json
openclaw backup create --verify
openclaw backup create --no-include-workspace
openclaw backup create --only-config
openclaw backup verify ./2026-03-09T00-00-00.000Z-openclaw-backup.tar.gz
manifest.json file with the resolved source paths and archive layout..tar.gz archive in the current working directory.openclaw backup verify <archive> validates that the archive contains exactly one root manifest, rejects traversal-style archive paths, and checks that every manifest-declared payload exists in the tarball.openclaw backup create --verify runs that validation immediately after writing the archive.openclaw backup create --only-config backs up just the active JSON config file.openclaw backup create plans backup sources from your local OpenClaw install:
~/.openclawcredentials/ directory when it exists outside the state directory--no-include-workspaceModel auth profiles are already part of the state directory under
agents/<agentId>/agent/auth-profiles.json, so they are normally covered by the
state backup entry.
If you use --only-config, OpenClaw skips state, credentials-directory, and workspace discovery and archives only the active config file path.
OpenClaw canonicalizes paths before building the archive. If config, the credentials directory, or a workspace already live inside the state directory, they are not duplicated as separate top-level backup sources. Missing paths are skipped.
The archive payload stores file contents from those source trees, and the embedded manifest.json records the resolved absolute source paths plus the archive layout used for each asset.
Installed plugin source and manifest files under the state directory's
extensions/ tree are included, but their nested node_modules/ dependency
trees are skipped. Those dependencies are rebuildable install artifacts; after
restoring an archive, use openclaw plugins update <id> or reinstall the plugin
with openclaw plugins install <spec> --force when a restored plugin reports
missing dependencies.
openclaw backup intentionally bypasses the normal config preflight so it can still help during recovery. Because workspace discovery depends on a valid config, openclaw backup create now fails fast when the config file exists but is invalid and workspace backup is still enabled.
If you still want a partial backup in that situation, rerun:
openclaw backup create --no-include-workspace
That keeps state, config, and the external credentials directory in scope while skipping workspace discovery entirely.
If you only need a copy of the config file itself, --only-config also works when the config is malformed because it does not rely on parsing the config for workspace discovery.
OpenClaw does not enforce a built-in maximum backup size or per-file size limit.
Practical limits come from the local machine and destination filesystem:
.tar.gzopenclaw backup create --verify or run openclaw backup verifyLarge workspaces are usually the main driver of archive size. If you want a smaller or faster backup, use --no-include-workspace.
For the smallest archive, use --only-config.