Reliable, Zero-Knowledge Backups — Now in Ghostable CLI v2.4.0
Backups have arrived in Ghostable — built to meet your requests without compromising on security or requiring a paid tier. Learn why this matters, how it works, and how to use backups safely with the new Ghostable CLI v2.4.0.
Backups matter. Many teams treat environment data as one of their most critical assets, and having a way to preserve it — securely, reliably, and without extra cost — is essential. That’s why in v2.4.0 of the Ghostable CLI we’re introducing zero-knowledge backups that deliver on exactly that need: no paid tier required, and no compromise to the security principles Ghostable was built on.
Why Ghostable backups are different
Backup features can easily become a trade-off between convenience and security. Many tools simply serialize data and upload it somewhere — but that often leaks sensitive information or relies on server-side processing. Ghostable takes a different path: we built backups to align with our zero-knowledge architecture, meaning your secrets stay encrypted under keys only you control, even in a recovery file.
Here’s what that means in practice:
- Fully encrypted and verifiable: Backups are created locally, sealed in encrypted envelopes (.gsb files), and include only ciphertext and necessary cryptographic envelopes. Ghostable never sees unencrypted secrets.
- Offline restore ready: Once created, backups can be restored without requiring network access — ideal for disaster recovery or vendor exit scenarios.
- No paid tier required: This capability is included for everyone using the CLI — no premium plan needed.
How to create and restore a backup
Backups in Ghostable are deliberate artifacts — not daily syncs, but last-resort recovery points you store offline.
You generate a backup on a device that has access to the environment’s encryption key. Here’s the typical pattern:
ghostable backup create \
--env production \
--recovery-key [BASE64_X25519_PUBLIC_KEY] \
--recovery-label "Org Recovery"
Or, if you don’t want to supply flags:
ghostable backup create…you’ll be guided through interactive prompts that help you select the environment, enter a recovery key, and set a label.
ghostable backup restore \
--file ./path/to/backup.gsb \
--to-file ./restored.env \
--recovery-private-key [BASE64_X25519_PRIVATE_KEY]
Or interactively:
ghostable backup restoreAgain, the CLI will prompt you for what’s needed, making it approachable even if you’d rather not pass everything on the command line.
Along the way, the CLI never reveals plaintext secrets to the server — everything decrypts locally using your keys.
Real usage, real confidence
We didn’t add backups because it looked nice on a roadmap — we added them because you asked for it, consistently. As teams rely on Ghostable to secure critical environment data across projects and organizations, having a reliable way to mitigate total loss is essential. And because our security model is non-negotiable, we built backups the same way we built the rest of the platform: local encryption first, server only for storage.
Get started with CLI v2.4.0
The backup feature is included in Ghostable CLI v2.4.0 and up. You can grab the latest release right here:
Want product news and updates?
Sign up for our newsletter.