CLI backup and restore features are crucial when you're running a self-hosted AI agent wallet that controls real funds. Unlike hosted services where recovery is handled by the provider, self-hosted WAIaaS puts you in complete control — which means backup responsibility falls squarely on your shoulders.
When your AI agents are managing crypto transactions autonomously, losing wallet data isn't just inconvenient — it's potentially catastrophic. A hardware failure, accidental deletion, or corrupted database can mean losing access to funds, transaction history, and carefully configured policies that keep your agents operating safely.
Why Self-Hosted Backup Matters
Self-hosted infrastructure offers unparalleled control and privacy, but with great power comes great responsibility. Your WAIaaS instance contains sensitive data: private keys, session tokens, transaction history, and security policies. No external service can recover this for you.
Traditional backup solutions often fall short for crypto applications. Generic file-based backups might capture inconsistent database states, while cloud backups expose private keys to third parties — defeating the purpose of self-hosting in the first place.
WAIaaS Backup Architecture
WAIaaS includes built-in backup and restore commands designed specifically for crypto wallet infrastructure. The CLI provides 20 commands total, including three dedicated to data protection: backup create, backup inspect, and backup list.
The backup system captures your complete WAIaaS state:
```bash
# Create a complete backup
waiaas backup create --output ./backups/

# List all available backups
waiaas backup list

# Inspect backup contents without restoring
waiaas backup inspect ./backups/waiaas-backup-2026-05-13T10-30-45Z.tar.gz
```
Each backup is a compressed archive containing encrypted wallet data, configuration files, policy definitions, and transaction history. The system ensures database consistency by taking point-in-time snapshots.
Creating Your First Backup
Setting up automated backups starts with understanding your current WAIaaS installation. Whether you're running via Docker or native installation, the backup process remains consistent:
```bash
# Check current status
waiaas status

# Create immediate backup
waiaas backup create --output ./secure-backups/

# Create backup with custom name
waiaas backup create --output ./backups/ --name "pre-upgrade-backup"
```
The backup command creates a timestamped archive containing:
- Encrypted private keys for all wallets
- Database with transaction history
- Policy configurations and security rules
- Session management state
- Configuration files and environment settings
For Docker deployments, backups capture the complete /data volume state, ensuring nothing is lost between container updates or migrations.
Automated Backup Strategy
Production self-hosted setups require automated backup schedules. Here's a robust approach using cron and the WAIaaS CLI:
```bash
#!/bin/bash
# backup-script.sh
set -euo pipefail   # abort before cleanup if the backup itself fails

BACKUP_DIR="/secure/waiaas-backups"
RETENTION_DAYS=30

# Create backup
waiaas backup create --output "$BACKUP_DIR"

# Cleanup old backups (keep last 30 days); only reached after a successful backup
find "$BACKUP_DIR" -name "waiaas-backup-*.tar.gz" -mtime +"$RETENTION_DAYS" -delete

# Optional: Upload to secure off-site storage
# rsync -av "$BACKUP_DIR/" user@backup-server:/encrypted-storage/waiaas/
```
Add to crontab for daily execution:
```bash
# Daily backup at 3 AM
0 3 * * * /home/waiaas/backup-script.sh >> /var/log/waiaas-backup.log 2>&1
```
The 7-stage transaction pipeline ensures backups capture consistent state even during active trading operations.
Disaster Recovery and Restoration
When disaster strikes, the restore process gets your WAIaaS instance back online quickly. The restoration command handles database reconstruction, key decryption, and configuration restoration:
```bash
# Restore from backup
waiaas restore ./backups/waiaas-backup-2026-05-13T10-30-45Z.tar.gz

# Restore to specific directory
waiaas restore ./backups/latest-backup.tar.gz --data-dir /custom/path
```
The restore process:
- Validates backup integrity and checksums
- Stops any running WAIaaS processes
- Reconstructs the database from backup
- Restores encrypted wallet keys
- Rebuilds configuration files
- Verifies wallet accessibility
After restoration, verify your setup:
```bash
waiaas status
waiaas wallet info  # Check wallet accessibility
```
Docker Backup Considerations
Docker deployments require special attention to volume management. The official WAIaaS Docker image (ghcr.io/minhoyoo-iotrust/waiaas:latest) stores all data in the /data volume.
For container-based backups:
```yaml
# docker-compose.yml backup service
services:
  waiaas-backup:
    image: ghcr.io/minhoyoo-iotrust/waiaas:latest
    volumes:
      - waiaas-data:/data:ro
      - ./backups:/backups
    command: ["backup", "create", "--output", "/backups"]
    depends_on:
      - daemon
```
This approach ensures backups run in the same environment as your main daemon, with identical library versions and dependencies.
Security Best Practices
Backup security requires multiple layers of protection. WAIaaS backups contain encrypted private keys, but additional precautions strengthen your security posture:
Encryption at Rest: Store backups on encrypted filesystems. Use tools like LUKS on Linux or FileVault on macOS.
Access Controls: Restrict backup file permissions to owner-only:
```bash
chmod 600 ./backups/*.tar.gz
chown waiaas:waiaas ./backups/
```
Geographic Distribution: Store copies in multiple physical locations. Use encrypted cloud storage or secure off-site servers.
Verification: Regular restore testing ensures backups remain viable:
```bash
# Inspect the archive (no restore is performed); run full restore tests in an isolated environment
waiaas backup inspect ./test-backup.tar.gz
```
The 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL) and 21 policy types are preserved during backup/restore cycles, maintaining your security configuration.
Integration with Monitoring
Production self-hosted setups benefit from backup monitoring integration. The CLI returns proper exit codes for automation:
```bash
#!/bin/bash
if waiaas backup create --output ./backups/; then
  echo "Backup successful" | mail -s "WAIaaS Backup OK" admin@yourdomain.com
else
  echo "Backup failed - check immediately" | mail -s "WAIaaS Backup FAILED" admin@yourdomain.com
  exit 1
fi
```
For comprehensive monitoring, consider integrating with systems like Prometheus or simple health check services that verify backup freshness.
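A health check of the kind described above, combining backup freshness with the owner-only permission rule and an archive readability test. This is an added example, not WAIaaS code: the return codes, the 1440-minute window and the demo files are constructed here, and it assumes a `find` with `-mmin` plus `gzip` on the host.

```shell
#!/bin/bash
# Added example (not part of WAIaaS): health check for a backup directory.
# Return codes are this example's own convention:
#   0 ok, 1 no recent backup, 2 group/other permission bits set, 3 unreadable archive
PATTERN='waiaas-backup-*.tar.gz'   # file naming shown in the article

check_backups() {
  dir=$1; max_age_min=$2
  # 1. Freshness: at least one archive modified inside the window.
  hits=$(find "$dir" -type f -name "$PATTERN" -mmin "-$max_age_min")
  [ -n "$hits" ] || { echo "STALE: no backup in the last $max_age_min min"; return 1; }
  # 2. Access control: chmod 600 means no group/other bits on any archive.
  hits=$(find "$dir" -type f -name "$PATTERN" \( -perm -040 -o -perm -020 \
         -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \))
  [ -z "$hits" ] || { echo "PERMS: accessible beyond owner: $hits"; return 2; }
  # 3. Integrity: every recent archive must be a complete gzip stream.
  hits=$(find "$dir" -type f -name "$PATTERN" -mmin "-$max_age_min" \
         ! -exec gzip -t {} \; -print 2>/dev/null)
  [ -z "$hits" ] || { echo "CORRUPT: $hits"; return 3; }
  echo "OK"
}

# Constructed demo data: one old archive first, then a fresh one.
demo=$(mktemp -d)
echo "placeholder wallet data" > "$demo/state.txt"
make_backup() {   # $1 = file name; builds a small valid tar.gz with mode 600
  tar -czf "$demo/$1" -C "$demo" state.txt && chmod 600 "$demo/$1"
}
make_backup waiaas-backup-2020-01-01T00-00-00Z.tar.gz
touch -t 202001010000 "$demo/waiaas-backup-2020-01-01T00-00-00Z.tar.gz"
check_backups "$demo" 1440 || echo "-> exit code $?"   # stale: exit code 1
make_backup waiaas-backup-new.tar.gz
check_backups "$demo" 1440 || echo "-> exit code $?"   # OK
```

Called from cron or a monitoring agent, the non-zero return codes can feed the same alerting path as the backup script above.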
Quick Start: Bulletproof Backup Setup
Here's a minimal setup for production-grade backup protection:
- Install WAIaaS CLI and verify operation:

  ```bash
  npm install -g @waiaas/cli
  waiaas status
  ```

- Create secure backup directory:

  ```bash
  mkdir -p /secure/waiaas-backups
  chmod 700 /secure/waiaas-backups
  ```

- Test manual backup:

  ```bash
  waiaas backup create --output /secure/waiaas-backups/
  waiaas backup list
  ```

- Setup automated schedule:

  ```bash
  (crontab -l 2>/dev/null; echo "0 3 * * * waiaas backup create --output /secure/waiaas-backups/") | crontab -
  ```

- Test disaster recovery:

  ```bash
  waiaas backup inspect /secure/waiaas-backups/waiaas-backup-*.tar.gz
  ```
Your self-hosted WAIaaS instance now has enterprise-grade backup protection without relying on external services or exposing sensitive data to third parties.
For readers managing multiple wallets or complex DeFi strategies, consider exploring Policy Engine Configuration: 21 Rules to Keep Your AI Trading Bot Safe and Docker Deployment Guide: Self-Host Your AI Agent Wallet in 5 Minutes.
What's Next
Master your self-hosted setup by implementing monitoring dashboards and exploring the 39 REST API routes for custom integrations. The combination of robust backups and comprehensive APIs gives you complete control over your AI agent infrastructure.
Ready to take full control of your AI agent wallet infrastructure? Get started with WAIaaS on GitHub or visit the official documentation for advanced configuration guides.