
External backups to your own S3

Push daily backups to your own S3-compatible bucket. Your retention, your keys, your lifecycle policy.

External Backups push daily database dumps + recordings to your own S3-compatible bucket. The platform owns the schedule; you own the storage, retention, and credentials.

Why bring your own S3

  • Compliance retention — HIPAA 6 years, FINRA 6+ years, FCRA 2 years. Daily snapshots (7-day rolling) aren't a multi-year strategy.

  • Cost control — set your own lifecycle policy. Move recordings to cold storage after 90 days; pay $0.004/GB/month instead of standard rates.

  • Data residency — pick the bucket region to match your regulator's data-residency requirements.

  • Independent recovery — your backups live somewhere we can't touch. The dialer host going dark doesn't lose your data.

Compatible S3 providers

  • AWS S3

  • Hetzner Object Storage

  • Backblaze B2

  • Wasabi

  • MinIO (self-hosted)

  • Anything else speaking the S3 API + supporting standard auth

Setup

  1. Dashboard → your server → External Backups.

  2. Paste bucket name, region, endpoint URL, access key, secret key.

  3. Click Test — we verify write access by uploading + deleting a tiny test object.

  4. Save. The daily backup begins at 03:30 server local time (after the platform snapshot).

What gets pushed

Two streams:

  • MySQL dump — single-transaction, gzipped. Compressed dump is ~5-15% of the live DB size.

  • Recordings rsync — incremental, only-changed-files to a date-partitioned prefix.

Restore format

The MySQL dump is a regular mysqldump file. Restore it with gunzip -c dump.sql.gz | mysql (plain gunzip dump.sql.gz decompresses the file in place and sends nothing down the pipe). Recordings keep their original paths so you can rsync back without rewriting metadata.
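
Before piping a downloaded dump into mysql, it is worth confirming the file is intact and complete. The script below is an added example, not platform code; it assumes the dump keeps mysqldump's default trailing "-- Dump completed" comment, and the function name and return codes are its own convention.

```shell
#!/bin/sh
# Added example (not platform code): check a pushed dump before restoring it.
# Assumption: the dump keeps mysqldump's default "-- Dump completed" trailer.
# Return codes (this script's own convention):
#   0 ok, 1 unreadable, 2 bad gzip, 3 incomplete dump.

verify_dump() {
    dump=$1
    [ -r "$dump" ] || { echo "cannot read: $dump" >&2; return 1; }

    # gzip stores a CRC and length; -t fails on a truncated or corrupted download.
    gzip -t "$dump" 2>/dev/null || {
        echo "gzip integrity check failed: $dump" >&2
        return 2
    }

    # A dump cut short on the source host can still be a valid gzip stream,
    # so also require mysqldump's completion trailer near the end.
    if ! gzip -dc "$dump" | tail -n 5 | grep -q '^-- Dump completed'; then
        echo "no completion trailer, dump is partial: $dump" >&2
        return 3
    fi

    # A dump with no table definitions is not a usable restore source.
    tables=$(gzip -dc "$dump" | grep -c '^CREATE TABLE' || true)
    [ "$tables" -gt 0 ] || {
        echo "no CREATE TABLE statements: $dump" >&2
        return 3
    }

    echo "ok: $dump ($tables table definitions)"
}

# Usage: sh verify_dump.sh dump.sql.gz && gunzip -c dump.sql.gz | mysql
if [ "$#" -gt 0 ]; then
    verify_dump "$1"
fi
```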

Credentials rotation

When you rotate the S3 credentials in your provider, paste the new ones into the dashboard. We re-test access before saving; the next push uses the new credentials. Failed pushes trigger an alert after two consecutive failures.

Does the platform read my recordings during push?

The rsync wrapper runs as root on your box, reading the files. We do not exfiltrate them; the destination is your bucket. The audit log on the dashboard records the push timestamps + byte counts so you can verify.

Tags: retention, backups, s3, byo