Resistro Cloud Documentation
Resistro Cloud is a managed backup service for PostgreSQL and MariaDB/MySQL databases. EU-hosted, E2E encrypted, starting at 19€/month.
Quick Start
Get your first backup running in under 5 minutes:
# 1. Install resistro (the backup binary) curl -fsSL https://resistro.org/install.sh | sh # 2. Install the cloud agent curl -fsSL https://cloud.resistro.org/install-agent.sh | sh # 3. Connect to Resistro Cloud resistro-agent --api-key YOUR_API_KEY --server https://cloud.resistro.org # That's it. Backups run automatically every hour.
Install the Agent
The agent is a lightweight binary (8.5 MB) that runs alongside your resistro installation. It connects to cloud.resistro.org, reports backup status, and optionally uploads encrypted backups.
# Download (Linux amd64)
wget https://cloud.resistro.org/download/resistro-agent-linux-amd64
chmod +x resistro-agent-linux-amd64
mv resistro-agent-linux-amd64 /usr/local/bin/resistro-agent
Connect to Cloud
Find your API key in the dashboard under "API Key".
# Run interactively resistro-agent --api-key rst_your_key_here # Run as systemd service cat > /etc/systemd/system/resistro-agent.service <<EOF [Unit] Description=Resistro Cloud Agent After=network.target [Service] ExecStart=/usr/local/bin/resistro-agent --api-key rst_your_key_here --interval 1h Restart=always RestartSec=10 [Install] WantedBy=multi-user.target EOF systemctl enable --now resistro-agent
Agent Options
| Flag | Env | Default | Description |
|---|---|---|---|
--api-key | RESISTRO_API_KEY | required | Your API key from the dashboard |
--server | RESISTRO_SERVER | https://cloud.resistro.org | Server URL |
--interval | 1h | Backup interval | |
--resistro | RESISTRO_PATH | resistro | Path to resistro binary |
--encryption-key | RESISTRO_ENCRYPTION_KEY | auto-generated | Hex-encoded 256-bit AES key |
--upload | true | Upload backups to cloud storage |
Important: If no encryption key is set, the agent generates one on first run. Save this key! You need it to restore your backups. Without it, your data is unrecoverable.
Register / Login
Create an account at cloud.resistro.org or via API:
# Register curl -X POST https://cloud.resistro.org/api/v1/auth/register \ -H "Content-Type: application/json" \ -d '{"email":"you@example.com","password":"secret","name":"Your Name"}' # Login curl -X POST https://cloud.resistro.org/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"you@example.com","password":"secret"}'
Both return a JWT token and your API key.
Manage Databases
# Add a database curl -X POST https://cloud.resistro.org/api/v1/databases \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{"name":"myapp_prod","engine":"postgresql"}' # List databases curl https://cloud.resistro.org/api/v1/databases \ -H "Authorization: Bearer YOUR_TOKEN"
View Backups
# List all backups curl https://cloud.resistro.org/api/v1/backups \ -H "Authorization: Bearer YOUR_TOKEN" # Filter by database curl "https://cloud.resistro.org/api/v1/backups?database_id=UUID" \ -H "Authorization: Bearer YOUR_TOKEN" # Dashboard overview curl https://cloud.resistro.org/api/v1/dashboard \ -H "Authorization: Bearer YOUR_TOKEN"
Configure Alerts
# Add email alert (on failure + anomaly) curl -X POST https://cloud.resistro.org/api/v1/alerts \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{"channel":"email","target":"ops@example.com"}' # Add Slack webhook curl -X POST https://cloud.resistro.org/api/v1/alerts \ -H "Authorization: Bearer YOUR_TOKEN" \ -H "Content-Type: application/json" \ -d '{"channel":"slack","target":"https://hooks.slack.com/services/xxx","on_success":true}' # List alerts curl https://cloud.resistro.org/api/v1/alerts \ -H "Authorization: Bearer YOUR_TOKEN" # Delete alert curl -X DELETE https://cloud.resistro.org/api/v1/alerts/ALERT_ID \ -H "Authorization: Bearer YOUR_TOKEN"
Alert channels: email, slack, teams, webhook
Toggles: on_failure (default: true), on_success (default: false), on_anomaly (default: true)
API Reference: Authentication
| Endpoint | Auth | Description |
|---|---|---|
| POST/api/v1/auth/register | None | Create account |
| POST/api/v1/auth/login | None | Login, get JWT |
API Reference: Databases
| Endpoint | Auth | Description |
|---|---|---|
| GET/api/v1/databases | JWT | List databases |
| POST/api/v1/databases | JWT | Add database |
API Reference: Backups
| Endpoint | Auth | Description |
|---|---|---|
| GET/api/v1/backups | JWT | List backups (?database_id= filter) |
| GET/api/v1/dashboard | JWT | Stats overview |
API Reference: Alerts
| Endpoint | Auth | Description |
|---|---|---|
| GET/api/v1/alerts | JWT | List alert configs |
| POST/api/v1/alerts | JWT | Create alert config |
| DELETE/api/v1/alerts/{id} | JWT | Delete alert config |
API Reference: Agent
| Endpoint | Auth | Description |
|---|---|---|
| POST/api/v1/agent/heartbeat | API Key | Agent heartbeat |
| POST/api/v1/agent/backup/start | API Key | Start backup record |
| POST/api/v1/agent/backup/complete | API Key | Complete backup record |
| PUT/api/v1/agent/backup/{id}/upload | API Key | Upload encrypted backup data |
Agent endpoints use X-API-Key header. Dashboard endpoints use Authorization: Bearer TOKEN.
Encryption
All backups uploaded to Resistro Cloud are encrypted before leaving your server using AES-256-CTR with a random IV per backup. The encryption key never leaves your machine.
# Your key is generated on first agent run: RESISTRO_ENCRYPTION_KEY=a1b2c3d4...hex... # Save it! Without this key, your backups are unrecoverable. # We cannot decrypt your backups — by design.
Storage Backends
Resistro Cloud supports multiple storage backends:
| Backend | Description | Plan |
|---|---|---|
local | Hetzner Storage Box (default) | All plans |
s3 | S3-compatible (AWS, MinIO, Wasabi) | Business+ |
sftp | SFTP server (bring your own) | Business+ |
© 2026 Resistro · resistro.org · Dashboard