Database Servers
Database servers are the source of your backups. Databasement can connect to and backup MySQL, PostgreSQL, MariaDB, MongoDB, SQLite, and Redis/Valkey servers.
Supported Versions
Databasement uses standard CLI tools to perform backup and restore operations. The table below shows which database engine versions are supported, based on the CLI tools shipped in the Docker image.
| Engine | Supported Versions | CLI Tool | Restore |
|---|---|---|---|
| MySQL | 5.6, 5.7, 8.x, 9.x | mariadb-dump | Yes |
| MariaDB | 10.x, 11.x, 12.x | mariadb-dump | Yes |
| PostgreSQL | 12, 13, 14, 15, 16, 17, 18 | pg_dump v18 | Yes |
| MongoDB | 4.2, 4.4, 5.0, 6.0, 7.0, 8.0 | mongodump / mongorestore | Yes |
| SQLite | 3.x | File copy | Yes |
| Redis | 2.8+ | redis-cli --rdb | No |
| Valkey | 7.2+ | redis-cli --rdb | No |
- MySQL / MariaDB: Databasement ships the MariaDB 11.4 client (
mariadb-dump), which is wire-protocol compatible with MySQL servers. - PostgreSQL: The
pg_dumpv18 client can dump from any server version back to 9.2. Versions below 12 have reached end-of-life and are not recommended. - MongoDB: The MongoDB Database Tools (
mongodump/mongorestore) officially support server versions 4.2 through 8.0. - SQLite: Backups are performed by copying the database file over SFTP. The SQLite 3.x file format has been backwards-compatible since 3.0.0 (2004).
- Redis / Valkey:
redis-cli --rdbcreates a point-in-time RDB snapshot via the replication protocol. Valkey 7.2+ is supported as a drop-in replacement for Redis. Restore is not supported.
Connection Requirements
MySQL / MariaDB
Creating the user
CREATE USER 'databasement'@'%' IDENTIFIED BY 'your_secure_password';
Permissions for backup and restore (all databases)
GRANT SELECT, SHOW VIEW, TRIGGER, LOCK TABLES, PROCESS, EVENT, RELOAD,
CREATE, DROP, ALTER, INDEX, INSERT, UPDATE, DELETE, REFERENCES
ON *.* TO 'databasement'@'%';
FLUSH PRIVILEGES;
To restrict the user to a single database, replace *.* with database_name.*. Note that with single-database permissions, the user cannot create or drop the database itself - you'll need to ensure the target database exists before restoring.
PostgreSQL
Creating the user
CREATE USER databasement WITH PASSWORD 'your_secure_password';
Permissions for backup and restore (all databases)
For full backup and restore capabilities, the user needs elevated privileges. The method depends on your PostgreSQL setup:
Self-hosted PostgreSQL
-- Option 1: Superuser (full access)
ALTER USER databasement WITH SUPERUSER;
-- Option 2: Create database privilege (can create/drop databases for restore)
ALTER USER databasement WITH CREATEDB;
AWS RDS PostgreSQL
RDS doesn't allow SUPERUSER. Grant the rds_superuser role instead:
GRANT rds_superuser TO databasement;
Azure Database for PostgreSQL
Azure uses the azure_pg_admin role:
GRANT azure_pg_admin TO databasement;
Additional grants for non-superuser setups
If not using superuser/rds_superuser/azure_pg_admin, grant access to existing databases:
-- Grant ownership or full privileges on the database
GRANT ALL PRIVILEGES ON DATABASE database_name TO databasement;
-- Connect to the database and grant schema access
\c database_name
GRANT ALL PRIVILEGES ON SCHEMA public TO databasement;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO databasement;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO databasement;
For single-database access without CREATEDB, the target database must already exist. Grant ALL PRIVILEGES on that specific database and its schema. The user won't be able to drop/recreate the database during restore - Databasement will drop and recreate tables instead.
MongoDB
MongoDB uses the mongodump and mongorestore CLI tools for backup and restore operations.
Connection settings
| Field | Description |
|---|---|
| Host | MongoDB server hostname or IP |
| Port | MongoDB port (default: 27017) |
| Username | Database user (optional for unauthenticated instances) |
| Password | User password |
| Auth Source | Authentication database (default: admin) |
Creating a backup user
use admin
db.createUser({
user: "databasement",
pwd: "your_secure_password",
roles: [
{ role: "readAnyDatabase", db: "admin" },
{ role: "backup", db: "admin" },
{ role: "restore", db: "admin" }
]
})
The admin, local, and config system databases are automatically excluded from the database list.
Redis / Valkey
Redis and Valkey instances are backed up using redis-cli --rdb, which creates a point-in-time RDB snapshot of the entire dataset.
Connection settings
| Field | Description |
|---|---|
| Host | Redis server hostname or IP |
| Port | Redis port (default: 6379) |
| Username | ACL username (optional, Redis 6+) |
| Password | Server password or ACL user password |
Redis/Valkey supports backup only. Restore is not currently supported due to the nature of RDB file imports, which require direct server access.
SQLite
SQLite databases are backed up by copying the database file directly. Databasement connects to the remote server via SFTP (through an SSH tunnel) to access the file.
Connection settings
| Field | Description |
|---|---|
| Database paths | One or more absolute paths to .sqlite files on the remote server |
SQLite requires an SSH tunnel to access remote database files. Databasement uses SFTP over the tunnel to copy and restore files.
Troubleshooting Connection Issues
Common Connection Issues
| Error | Solution |
|---|---|
| Connection refused | Verify host, port, and that the database server is running |
| Access denied | Check username and password |
| Unknown host | Verify the hostname is correct and DNS is resolving |
| Connection timeout | Check firewall rules and network connectivity |
Docker Networking
When running Databasement in Docker and connecting to databases in other containers, you need to ensure network connectivity between them.
Containers in Different docker-compose Projects
By default, each docker-compose project creates its own isolated network. To connect to a database in another project:
Option 1: Use an external network (recommended)
-
Create a shared network:
docker network create shared-db-network -
In your application database's
docker-compose.yml, add the external network:services:
mysql:
# ... your config
networks:
- default
- shared-db-network
networks:
shared-db-network:
external: true -
In Databasement's
docker-compose.yml, add the same network:services:
app:
# ... your config
networks:
- default
- shared-db-network
worker:
# ... your config
networks:
- default
- shared-db-network
networks:
shared-db-network:
external: true -
Restart both projects and use the container name as the host (e.g.,
mysql).
Option 2: Connect to an existing network
Find the network name of your database container:
docker network ls
docker inspect <container_name> | grep -A 20 "Networks"
Then connect Databasement to that network:
networks:
other-project_default:
external: true
Standalone Docker Containers (no docker-compose)
For containers started with docker run:
-
Create a network if you don't have one:
docker network create my-network -
Start your database container on that network:
docker run -d --name mysql --network my-network mysql:8 -
Connect Databasement to the same network:
docker network connect my-network databasement-app -
Use the container name (
mysql) as the host in Databasement.
Using Host Network Mode
If your database is accessible on the host machine (e.g., installed directly or exposed via port mapping), you can use host network mode:
services:
app:
network_mode: host
Then use localhost or 127.0.0.1 as the host. Note that this disables Docker's network isolation.
Connecting to Host Machine's Database
If your database runs directly on the host machine (not in Docker):
| Platform | Host to use |
|---|---|
| Linux | 172.17.0.1 or host.docker.internal (Docker 20.10+) |
| macOS/Windows | host.docker.internal |
Example: If MySQL is running on your laptop on port 3306, use host.docker.internal:3306.
Firewall Considerations
Ensure your firewall allows connections:
- Docker networks: Usually handled automatically
- Host firewall (iptables/ufw): May need rules for Docker bridge networks
- Cloud firewalls (AWS Security Groups, etc.): Add inbound rules for the database port
SSH Tunnel
Connect to databases in private networks through a bastion/jump server. Enable this when the database isn't directly accessible from Databasement.
| Field | Description |
|---|---|
| SSH Host | Bastion server hostname or IP |
| SSH Port | SSH port (default: 22) |
| SSH Username | SSH user |
| Auth Type | Password or Private Key (with optional passphrase) |
Databasement establishes the tunnel before each backup/restore operation and closes it when complete. Sensitive credentials are encrypted at rest.