Skip to main content

How to Enable Backup Encryption in Frappe Framework v15

What Is Backup Encryption in Frappe?

Backup encryption in Frappe Framework v15 ensures that site backups—including database dumps and private files—are encrypted before being stored. This protects sensitive ERPNext data from unauthorized access, even if backup files are exposed or compromised.
Encryption is applied automatically during the backup process once enabled.

Why Enable Backup Encryption in ERPNext?

Backup files often contain highly sensitive business data. Encrypting them is a critical security best practice.

Key Benefits

  • Protects data at rest
  • Prevents unauthorized backup access
  • Helps meet compliance and audit requirements
  • Reduces risk during offsite or cloud storage

Backup encryption is essential for production ERPNext environments.

Who Should Enable Backup Encryption?

Target Audience

  • System Administrators
  • DevOps Engineers
  • ERPNext Hosting Providers
  • Security & Compliance Teams

Technical Prerequisites

  • Frappe Framework v15
  • Bench-managed environment
  • Shell access to the server

How Does Backup Encryption Work in Frappe v15?

Frappe uses a site-level encryption key to encrypt backup archives during creation. This key is stored securely and is required to restore encrypted backups.

Core Concepts

  • Encryption happens during bench backup
  • Uses symmetric encryption
  • Same key is required for decryption

Once enabled, all future backups are encrypted automatically.

How to Enable Backup Encryption in Frappe v15?

Step-by-Step Guide

Step 1: Navigate to Your Bench Directory

cd /path/to/frappe-bench

Ensure you are operating inside the correct bench.

Step 2: Enable Backup Encryption for a Site

bench set-config -g encrypt_backups 1

This command enables encrypted backups globally for all sites on the bench.

This setting is read by the backup system at runtime.

Step 3: Verify Configuration

bench config get encrypt_backups

Expected output:

1

This confirms that backup encryption is enabled.

Where Is the Encryption Key Stored?

Frappe automatically manages the encryption key internally. The key is required during restore operations, so it must be preserved when migrating or rebuilding servers.

Important Notes

  • Do not delete site configuration files
  • Keep backups of your bench configuration
  • Loss of the key makes backups unrecoverable

How Are Encrypted Backups Identified?

Encrypted backups typically:

  • Have encrypted archive contents
  • Cannot be opened without decryption
  • Require the same bench configuration for restore

The backup filename remains unchanged, but the contents are encrypted.

Restoring Encrypted Backups in Frappe v15

Encrypted backups are restored using the same bench environment where encryption is enabled.

bench restore site-name encrypted_backup.sql.gz

Frappe automatically decrypts the backup during restore if the encryption key is available.

Real-World ERPNext Use Cases

Industry Relevance

  • Finance: Protect accounting data
  • Healthcare: Secure patient information
  • Manufacturing: Safeguard production data
  • SaaS Providers: Secure multi-tenant backups

Backup encryption is critical in regulated industries.

Best Practices for Backup Encryption

  • Always enable encryption in production
  • Store backups in secure offsite locations
  • Maintain server access controls
  • Document encryption configuration
  • Test restore procedures regularly

Common Issues and Troubleshooting

Unable to Restore Encrypted Backup

  • Ensure encrypt_backups is enabled
  • Verify bench configuration consistency
  • Confirm encryption key is present

Backup Appears Corrupted

  • Do not manually extract encrypted files
  • Restore using bench restore only

Backup Encryption vs Standard Backups

Feature Standard Backup Encrypted Backup
Data Protection ❌ No ✅ Yes
Compliance Ready ❌ No ✅ Yes
Safe Offsite Storage ❌ Risky ✅ Secure

Encrypted backups are strongly recommended for all production systems.

Integration with Frappe Backup System

Backup encryption integrates seamlessly with:

  • Automated backups
  • Scheduled cron jobs
  • Cloud storage workflows
  • Disaster recovery plans

No additional customization is required once enabled.

Official References (Verified)

Enable Backup Encryption (v15):

https://docs.frappe.io/framework/user/en/guides/basics/how-to-enable-backup-encryption

Frappe GitHub (v15):

https://github.com/frappe/frappe/tree/version-15

Rating: 5 / 5 (2 votes)

© 2026 | goERPNext | All rights reserved