packages/twenty-docs/developers/self-host/capabilities/upgrade-guide.mdx
Always back up your database before starting the upgrade process by running:
docker exec -it {db_container_name_or_id} pg_dumpall -U {postgres_user} > databases_backup.sql
To restore from backup:
cat databases_backup.sql | docker exec -i {db_container_name_or_id} psql -U {postgres_user}
If you use Docker Compose, follow these steps:
docker compose downTAG value in the .env file next to your docker-compose.ymldocker compose up -dThe server runs all required upgrade migrations automatically on startup. No manual command is needed.
Starting from v1.22, Twenty supports cross-version upgrades. You can jump directly from any supported version to the latest release without stepping through each intermediate version.
For example, upgrading from v1.22 straight to v2.0 is fully supported.
Starting in v2.5, Twenty stores at-rest secrets (OAuth tokens, application variables, signing-key private keys, sensitive config values, TOTP secrets) inside a versioned enc:v2: envelope encrypted with ENCRYPTION_KEY (or APP_SECRET if ENCRYPTION_KEY is unset).
The first boot on v2.5 runs slow upgrade commands that backfill existing rows into the new envelope. They are idempotent — interrupting and restarting the server resumes from where it left off — but they can take a while on large databases. You can monitor progress with upgrade:status.
You should set a dedicated ENCRYPTION_KEY before the v2.5 upgrade so the backfill writes rows under it from the start. Switching keys after the backfill requires a rotation.
For day-to-day operational tasks like rotating ENCRYPTION_KEY, rotating the JWT signing key, or revoking a leaked signing key, see the dedicated Key rotation guide.
The upgrade:status command lets you inspect the current state of your instance and workspace migrations. It is useful for debugging upgrade issues or when filing a support request.
Run it from the server container:
docker exec -it {server_container_name_or_id} yarn command:prod upgrade:status
Example output:
APP_VERSION: v1.23.0
Instance
Inferred version: 1.23.0
Latest command: 1.23.0_DropWorkspaceVersionColumnFastInstanceCommand_1785000000000
Status: Up to date
Executed by: v1.23.0
At: 2026-04-16T11:43:58.823Z
Workspace
Apple (20202020-1c25-4d02-bf25-6aeccf7ea419)
Inferred version: 1.23.0
Latest command: 1.23.0_UpdateGlobalObjectContextCommandMenuItemsCommand_1780000005000
Status: Up to date
Executed by: v1.23.0
At: 2026-04-16T11:44:09.361Z
Summary
Instance: Up to date
Workspaces: 1 up to date, 0 behind, 0 failed (1 total)
| Flag | Description |
|---|---|
-w, --workspace-id <id> | Filter to a specific workspace. Can be passed multiple times. |
-f, --failed-only | Hide up-to-date workspaces, only show behind and failed entries. |
If the upgrade fails on some workspaces, the server will not advance past the failing step. Restarting the server (docker compose up -d) will retry the upgrade from where it left off.
To quickly identify problems, run:
docker exec -it {server_container_name_or_id} yarn command:prod upgrade:status --failed-only
This shows only workspaces that are behind or have failed, along with the error message for each failure.
If your instance is older than v1.22, you must upgrade incrementally through each major tagged version (v1.6 to v1.7, then v1.7 to v1.8, and so on) until you reach v1.22. From there, you can jump directly to the latest version.