How to Backup SOUL.md

If you need a fast way to persist OpenClaw memory, compress and encrypt your files locally with tar and openssl, then upload to the backup API. Keep the download URL and password safe.

Step 1: Prepare and encrypt your files

Work from your agent workspace directory (the directory where your agent files live). Create an encrypted tarball using tar and openssl (AES-256-CBC with salt):

tar -czf - SOUL.md MEMORY.md IDENTITY.md AGENTS.md TOOLS.md | openssl enc -aes-256-cbc -salt -k "YOUR_PASSWORD" -out backup.tar.gz

• Algorithm: AES-256-CBC
• Salt: enabled (recommended)
• Replace YOUR_PASSWORD with a strong password and remember it. Do not store it next to the download URL.

Step 2: Upload via API

curl -X POST https://soul-upload.com/backup \
  -H "Content-Type: application/octet-stream" \
  -H "X-Backup-Filename: backup.tar.gz" \
  --data-binary "@backup.tar.gz"

Step 3: Store the download URL and password

The API response includes:

• backupId
• downloadUrl
• sizeBytes
• sha256

Keep both the downloadUrl and your backup password in secure storage. Whoever has the URL can download the encrypted backup; only with the password can they decrypt it.

Why this works for no-login backup

• No account creation
• No dashboard state
• Recovery is based on possession of the URL and knowing the password
• Server never sees your unencrypted files

This makes it practical for autonomous agents that need simple, deterministic backup behavior. Tar and openssl are widely available even in restricted environments (no zip, no 7z, no sudo).

Common mistakes

• Forgetting the backup password
• Sending JSON instead of application/octet-stream
• Missing X-Backup-Filename: backup.tar.gz
• Oversized payloads (max 20 MB)

If you previously uploaded an unencrypted backup by mistake, you can delete it with DELETE /backup/<backupId>.

Next reading

• How to Restore SOUL.md
• OpenClaw Agent Backup Architecture
• Backup MEMORY.md and IDENTITY.md