Skip to content
Last updated July 2, 2026

Offsite Backups

Offsite Backups is the paid add-on that lifts your backups off the host and stores them in HostAtlas’ Hetzner-hosted S3 bucket — end-to-end encrypted and gated by the same entropy check that powers ransomware detection.

Open it from the sidebar under Monitoring → Offsite Backups, or at /offsite-backups.

The list shows every offsite backup that has completed uploading, newest first:

  • Original filename — the file on the source host.
  • Server — the host it came from.
  • Size — after compression.
  • Uploaded at — completion timestamp.
  • Encryption — whether HostAtlas encrypted it, or the file was flagged pre-encrypted and uploaded as-is.
  • Restore — queue a restore of the archive back to the origin host. The agent downloads, decrypts, and drops the file into /tmp/<original-filename>. From there you decide what to do with it.
  • Delete — remove the archive from S3 and from the list. Deletion is best-effort on the S3 side; if the S3 call fails the record is still removed.

Offsite Backups extends the same agent-side backup path monitoring described on Backups. When a path is enrolled in offsite:

  1. The agent reads the newest backup file from the configured path.
  2. If the entropy check flags it as HIGH or CRITICAL suspicion — the ransomware signal — the upload is refused. You will not overwrite a healthy remote copy with an encrypted one.
  3. If the path is flagged as intentionally pre-encrypted (GPG, age, etc.), the file is uploaded as-is with no double encryption.
  4. Otherwise the file is encrypted client-side, streamed to Hetzner S3, and the metadata (name, size, timestamps, encryption mode) is stored in HostAtlas.

Keys are per-tenant and never leave the encryption boundary; HostAtlas cannot read your archives.

The restore action drops the decrypted file back onto the origin host at /tmp/<original-filename>. It does not overwrite the original path — you inspect, verify, and place it yourself. This is deliberate: an automated restore into production is a good way to overwrite a working state.

Offsite is billed per GB of stored data per month. Manage the subscription — turn it on, choose storage tier, cancel — from Settings → Offsite Backups.

  • Backups — the underlying file-level monitor. Offsite is one option per monitored path.
  • Backup Runs — for hosts running the hostatlas-backup CLI, which can ship archives directly to any S3 destination including our offsite.
  • Attack Mode — related security posture control.
Was this page helpful?