This documentation is also available at wal-g.readthedocs.io
WAL-G is an archival restoration tool for PostgreSQL, MySQL/MariaDB, and MS SQL Server (beta for MongoDB and Redis).
WAL-G is the successor of WAL-E with a number of key differences. WAL-G uses LZ4, LZMA, or Brotli compression, multiple processors, and non-exclusive base backups for Postgres. More information on the original design and implementation of WAL-G can be found on the Citus Data blog post "Introducing WAL-G by Citus: Faster Disaster Recovery for Postgres".
Table of Contents
A precompiled binary for Linux AMD 64 of the latest version of WAL-G can be obtained under the Releases tab.
Binary name has the following format: wal-g-DBNAME-OSNAME, where DBNAME stands for the name of the database (for example pg, mysql), OSNAME stands for the name of the operating system used for building the binary.
To decompress the binary, use:
tar -zxvf wal-g-DBNAME-OSNAME-amd64.tar.gz
mv wal-g-DBNAME-OSNAME-amd64 /usr/local/bin/wal-g
For example, for Postgres and Ubuntu 18.04:
tar -zxvf wal-g-pg-ubuntu-18.04-amd64.tar.gz
mv wal-g-pg-ubuntu-18.04-amd64 /usr/local/bin/wal-g
For other systems, please consult the Development section for more information.
To configure where WAL-G stores backups, please consult the Storages section.
WALG_COMPRESSION_METHOD
To configure the compression method used for backups. Possible options are: lz4, lzma, brotli. The default method is lz4. LZ4 is the fastest method, but the compression ratio is bad.
LZMA is way much slower. However, it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, which is about 3 times better than LZ4.
YC_CSE_KMS_KEY_ID
To configure Yandex Cloud KMS key for client-side encryption and decryption. By default, no encryption is used.
YC_SERVICE_ACCOUNT_KEY_FILE
To configure the name of a file containing private key of Yandex Cloud Service Account. If not set a token from the metadata service (http://169.254.169.254) will be used to make API calls to Yandex Cloud KMS.
WALG_LIBSODIUM_KEY
To configure encryption and decryption with libsodium. WAL-G uses an algorithm that only requires a secret key. libsodium keys are fixed-size keys of 32 bytes. For optimal cryptographic security, it is recommened to use a random 32 byte key. To generate a random key, you can something like openssl rand -hex 32 (set WALG_LIBSODIUM_KEY_TRANSFORM to hex) or openssl rand -base64 32 (set WALG_LIBSODIUM_KEY_TRANSFORM to base64).
WALG_LIBSODIUM_KEY_PATH
Similar to WALG_LIBSODIUM_KEY, but value is the path to the key on file system. The file content will be trimmed from whitespace characters.
WALG_LIBSODIUM_KEY_TRANSFORM
The transform that will be applied to the WALG_LIBSODIUM_KEY to get the required 32 byte key. Supported transformations are base64, hex or none (default).
The option none exists for backwards compatbility, the user input will be converted to 32 byte either via truncation or by zero-padding.
WALG_GPG_KEY_ID(alternative formWALE_GPG_KEY_ID)⚠️ DEPRECATED
To configure GPG key for encryption and decryption. By default, no encryption is used. Public keyring is cached in the file "/.walg_key_cache".
WALG_PGP_KEY
To configure encryption and decryption with OpenPGP standard. You can join multiline key using \n symbols into one line (mostly used in case of daemontools and envdir).
Set private key value when you need to execute wal-fetch or backup-fetch command.
Set public key value when you need to execute wal-push or backup-push command.
Keep in mind that the private key also contains the public key.
WALG_PGP_KEY_PATH
Similar to WALG_PGP_KEY, but value is the path to the key on file system.
WALG_PGP_KEY_PASSPHRASE
If your private key is encrypted with a passphrase, you should set passphrase for decrypt.
< 8000 div class="markdown-heading" dir="auto">