Feature · Backups

Backups you can actually restore.

Encrypted on your own server, scheduled on a cadence you set, and test-restored to prove they come back. SolidOps only ever holds the ciphertext. Live today for PostgreSQL.

Backups · running
--:--:--demo data
Databases

3

Encrypted

100%

Last run

12m

postgres · primary2.4 GBrestore-verified
postgres · billing840 MBrestore-verified
postgres · analytics5.1 GBintegrity only
encrypted on the box · zero-knowledgelast verify 8m ago
Backups · live

Backups you can actually restore.

Encrypted, scheduled, and verified — the whole point is that the copy comes back when you need it. Here is exactly what ships today.

04 / 04 shipping
BKP-SCHEDLive

Scheduled, on your cadence

Set how often a database is dumped and how long copies are kept. A grandfather-father-son policy keeps the right hourly, daily, weekly, and monthly copies and rolls the rest off on its own.

GivesCadence + retention, per database
  • Hourly to monthly schedules
  • Grandfather-father-son retention
  • Old copies pruned automatically
BKP-CRYPTLive

Encrypted end to end

The dump is encrypted on your server with your workspace key, in chunks, as it streams out. SolidOps only ever receives ciphertext — we never see the plaintext or hold the key. Zero-knowledge, by design.

GivesChunked AES-GCM, encrypted on the box
  • Encrypted before it leaves the server
  • We store ciphertext, never the key
  • Zero-knowledge, not just at-rest
BKP-VERIFYLive

Verified, not just taken

Every dump is integrity-checked, and schedules can opt into a real restore: SolidOps restores the backup into a throwaway container and compares row counts. A backup you have never restored is a guess.

GivesIntegrity check + optional restore-verify
  • Integrity checked every run
  • Real test-restore on a cadence
  • Row-count comparison on restore
BKP-HEALTHLive

Health you get alerted on

Backup freshness rides the same monitoring stack as your endpoints. A stale backup or one that fails to restore opens an incident and sends an alert, exactly like any outage.

GivesA freshness monitor per database
  • Stale backups open an incident
  • Failed restores raise a warning
  • Alerts through your channels
Dump to verified

The plaintext never leaves
your server.

A backup is dumped, encrypted, and hashed on the box, then stored and proven. SolidOps only ever handles ciphertext, so a breach of our storage tells an attacker nothing.

  1. 01

    Dump

    The agent runs pg_dump inside your database's own container, on the schedule you set. It reads the database directly — no credentials handed around, nothing exposed off the box.

  2. 02

    Encrypt

    As the dump streams, the agent encrypts it in chunks with your workspace key and hashes it. What leaves the server is ciphertext and a checksum — SolidOps never sees the contents.

  3. 03

    Store & verify

    The encrypted blob is uploaded straight to object storage, integrity-checked, and — on the cadence you choose — restored into a throwaway container to prove it actually comes back.

Backup · postgres · primary
demo data
Size

2.4 GB

Duration

4m 12s

Verify

passed

  1. 02:00:00DUMPpostgres · primary · pg_dump -Fc started
  2. 02:00:47CRYPTencrypted on host · 2.4 GB · sha-256 ok
  3. 02:00:58STOREuploaded · integrity check passed
  4. 02:04:12VERIFYrestored to throwaway · rows match
  5. 02:04:12HEALTHfreshness monitor · pinged · green
  6. RETAINgfs · pruned 1 copy past retention
Stored & verified ciphertext only

illustrative run · figures are demo data

Recovery, and the one catch

Restore from anywhere. The key is yours alone.

Because SolidOps never holds your key, recovery works from any machine — even if the server and SolidOps are both gone. The flip side is that the key is the whole ballgame, and we tell you so up front.

Recovery survives anything

Download the still-encrypted dump and decrypt it on your laptop with your recovery key, or have the agent decrypt it back onto a box. It works with the source server gone, the provider down, or SolidOps itself unreachable — because the plaintext and the key were never ours to lose.

  • Decrypt from any machine
  • Works fully offline
  • Even an integrity-failed dump is yours
  • The platform never decrypts for you
Guard the recovery key

It is shown exactly once, when you set backups up. There is no reveal and no reset. Lose it and every backup is permanently unrecoverable — that is the zero-knowledge guarantee working as intended, not a gap.

Store it in a password manager the moment it appears, off the box being backed up.

The specifics

What ships today, exactly.

No asterisks on the parts that are real, and no hiding the edges that aren't finished yet.

Engine

PostgreSQL

Containerized databases, discovered on your enrolled servers. More engines are on the way.

Storage

Metered above a base

A base storage allowance is included with the plan. Only what sits past it is billed, monthly.

Verification

In-server restore

A real restore into a throwaway container on the same box, size-limited, with a row-count compare.

Recovery

Yours, anywhere

Download the encrypted blob and decrypt it laptop-side, or have the agent decrypt it back onto the box.

PostgreSQL today · encrypted on the box · verified restores · your key

v0.1 · live now

Take a backup you can trust. Restore it to be sure.

Encrypted, scheduled, verified backups are live now, with freshness that alerts like any outage. Buy the core today, and the rest of the platform lands as it ships.