Private, encrypted backups that just work.
Zero-knowledge. Time-travel restore. Set it and forget it.
Your files are precious. Your AI agent's memory. Your dotfiles. Your configs. Your writing.
One bad edit. One corrupted file. One accidental delete. Gone.
Cloud backups? They can read your data. Time Machine? No encryption. Manual exports? You'll forget.
You need backups that are automatic, encrypted, and private.
ClawKeep gives you continuous, encrypted backups with full version history. Every change is captured. Every version is recoverable. Everything is AES-256 encrypted before it leaves your machine.
clawkeep init → start protecting a directory
clawkeep watch → auto-backup every change (encrypted)
clawkeep restore → go back to any point in time
Three commands. Your files are protected forever. Nobody can read them but you.
ClawKeep is built on a simple principle: your data is yours.
- AES-256-GCM encryption — Military-grade encryption for all backups
- Zero-knowledge — Your backup target only sees numbered
.encchunks - No file names leaked — Directory structure, file names, everything encrypted
- Local-first — Works entirely offline, no account required
- Open source — Audit the code yourself
What your NAS/cloud sees: What's actually inside:
├── chunk-000001.enc ├── MEMORY.md
├── chunk-000002.enc ├── config/
├── manifest.enc │ ├── secrets.yaml
│ └── api-keys.json
└── notes/
└── journal.md
Your backup target learns nothing. Not file names, not sizes, not structure. Just opaque encrypted blobs.
npm install -g clawkeepcd ~/my-important-files
clawkeep init✔ ClawKeep initialized!
🐾 Directory is now protected
Tracked 42 files
Backup a8f3c2d1
# Set it and forget it — runs in background
clawkeep watch --daemonDone. Every file change is now automatically versioned and ready for encrypted backup.
Send your encrypted backups anywhere. They can't read them anyway.
# Set your encryption password (once)
clawkeep backup set-password
# Back up to a local path (NAS, external drive, USB)
clawkeep backup local /mnt/nas/backups
# Sync — only new changes are uploaded
clawkeep backup sync
# Check backup status
clawkeep backup statusYour backup target receives encrypted chunks only. No metadata. No history. Nothing useful without your password.
| Target | Status | Description |
|---|---|---|
| Local path | ✅ Available | Any mounted folder — NAS, USB drive, network share |
| S3 / R2 | ✅ Available | Object storage (Cloudflare R2, AWS S3, MinIO, Backblaze B2, Wasabi) |
| ClawKeep Cloud | ✅ Available | Managed zero-knowledge backup with browser-based setup |
The easiest way to get started. Your encryption password is set in the browser — the CLI never sees it.
# Connect to ClawKeep Cloud
clawkeep cloud setup
# Opens browser → log in → set your encryption password
# CLI receives only the encrypted key material, never the password✔ Authorization received
✓ Connected to ClawKeep Cloud
Workspace ws_01abc123...
What's next:
$ clawkeep watch --sync --daemon
Security: The encryption key is derived in your browser. Your plaintext password never leaves the browser, never hits our API, and the CLI never sees it. We store only encrypted chunks — true zero-knowledge.
# Start auto-syncing (no password in environment needed!)
clawkeep watch --sync --daemon# Configure S3-compatible target
clawkeep backup s3 \
--endpoint https://your-account.r2.cloudflarestorage.com \
--bucket my-backups \
--access-key AKIAIOSFODNN7EXAMPLE \
--secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
--region auto \
--prefix clawkeep/
# Or use environment variables for credentials
export CLAWKEEP_S3_ACCESS_KEY=your-access-key
export CLAWKEEP_S3_SECRET_KEY=your-secret-key
clawkeep backup s3 --endpoint https://... --bucket my-backups
# Sync encrypted chunks to S3
clawkeep backup syncWorks with any S3-compatible service: Cloudflare R2 (zero egress fees), AWS S3, Backblaze B2, MinIO, Wasabi, and more.
| Command | What it does |
|---|---|
clawkeep init |
Start protecting a directory |
clawkeep watch |
Auto-backup on file changes. --daemon for background |
clawkeep snap |
Manual backup with optional -m "message" |
clawkeep log |
Browse your backup timeline |
clawkeep restore <ref> |
Time-travel to any backup |
clawkeep diff |
See what changed since last backup |
clawkeep backup |
Manage encrypted backup targets |
clawkeep backup sync |
Push encrypted backup to target |
clawkeep backup restore |
Restore from encrypted backup |
clawkeep export |
Portable encrypted archive |
clawkeep import |
Restore from encrypted archive |
clawkeep status |
Show protection stats |
clawkeep ui |
Launch the web dashboard |
A clean, dark-themed dashboard to manage your backups visually.
clawkeep ui --daemon --port 3333Four tabs, everything you need:
- ◉ Dashboard — Protection status, recent changes, pending files
- ↻ History — Full timeline with diffs, compare any two points
- ☁ Backup — Configure targets, sync, download encrypted exports
- ≡ Browse — File browser with time-travel — view any file at any point
Also includes:
- 🎨 Syntax highlighting for code files
- ✏️ Named backups from the UI
- ⏪ One-click restore to any backup
- 🔐 Token-based auth
The killer feature. Continuous protection without thinking about it:
# Foreground (see live output)
clawkeep watch
# Background daemon (survives terminal close)
clawkeep watch --daemon
# Stop the daemon
clawkeep watch --stop
# Auto-sync to backup target after each change
clawkeep watch --sync --daemonSmart debouncing, stability detection, configurable ignore patterns. Your files are continuously protected.
When using ClawKeep Cloud, the watch daemon doesn't need your password in the environment. The encrypted key material is stored locally during cloud setup — the daemon uses it automatically.
# No CLAWKEEP_PASSWORD needed!
clawkeep watch --sync --daemon
# Works with PM2, systemd, or any process manager
pm2 start "clawkeep watch --sync" --name clawkeep-watchFor local/S3 targets, run clawkeep backup set-password once to store the encrypted key material, then the daemon works the same way.
Go back to any point in time. Your current state is preserved — nothing is ever lost.
# See the timeline
clawkeep log
# Restore to a specific backup
clawkeep restore abc123f
# Restore to 3 backups ago
clawkeep restore HEAD~3Restores are non-destructive — your full history is always intact.
Take your backups anywhere with encrypted exports:
# Create encrypted archive
clawkeep export -p "your-password"
# → my-project.clawkeep.enc
# Restore on another machine
clawkeep import backup.clawkeep.enc -p "your-password"One file. Fully encrypted. Restore anywhere.
ClawKeep was originally built to protect AI agent workspaces — memory files, personality configs, conversation history. One bad inference and your agent's identity is gone.
| Framework | What to protect |
|---|---|
| Clawdbot | MEMORY.md, SOUL.md, IDENTITY.md, daily notes |
| Claude Code | CLAUDE.md, project context, artifacts |
| CrewAI | Agent memory, task outputs, crew configs |
| AutoGPT | Agent state, workspace, memory |
| Any agent | Memory, config, state files |
ClawKeep ships with a SKILL.md that AI agents can read and follow autonomously.
AI agents are the origin story, but ClawKeep protects anything:
- Dotfiles —
~/.config, shell rc files, SSH configs - Writing — Manuscripts, notes, journals
- Configs — Server configs, infrastructure as code
- Development — Project files, local databases
- Any directory — If it changes, ClawKeep can protect it
Sensible defaults out of the box:
# .clawkeepignore (auto-generated)
node_modules/
__pycache__/
dist/
.env
*.logAdd your own patterns. Large files and build artifacts stay out automatically.
const { ClawKeep } = require('clawkeep');
const claw = new ClawKeep('/path/to/project');
await claw.init();
// Create backup
const snap = await claw.snap('before risky changes');
// Browse history
const history = await claw.log(10);
// Restore
await claw.restore('abc123');
// Time-travel file access
const oldContent = await claw.showFileAtCommit('abc123', 'config.yaml');- S3 / R2 / MinIO backend
-
clawkeep.com— zero-knowledge cloud backup - End-to-end encrypted team sharing
- Webhooks on file changes
- Mobile app for backup status
MIT — ClawKeep 🐾
Your files. Your encryption keys. Your privacy.