Stash by AppsCode is a Kubernetes operator for restic. If you are running production workloads in Kubernetes, you might want to take backup of your disks. Traditional tools are too complex to set up and maintain in a dynamic computing environment like Kubernetes. restic is a backup program that is fast, efficient and secure with few moving parts. Stash is a CRD controller for Kubernetes built around restic to address these issues. Using Stash, you can backup Kubernetes volumes mounted in following types of workloads:

  • ✔Deployment
  • ✔DaemonSet
  • ✔ReplicaSet
  • ✔ReplicationController
  • ✔StatefulSet

What is Restic?

restic is a program that does backups right. The design goals are:

Easy: Doing backups should be a frictionless process, otherwise you are tempted to skip it. Restic should be easy to configure and use, so that in the unlikely event of a data loss you can just restore it. Likewise, restoring data should not be complicated.

  • Fast: Backing up your data with restic should only be limited by your network or hard disk bandwidth so that you can back up your files every day. Nobody does backups if it takes too much time. Restoring backups should only transfer data that is needed for the files that are to be restored so that this process is also fast.
  • Verifiable: Much more important than the backup is restored, so restic enables you to easily verify that all data can be restored.
  • Secure: Restic uses cryptography to guarantee the confidentiality and integrity of your data. The location where the backup data is stored is assumed to be an untrusted environment (e.g. a shared space where others like system administrators are able to access your backups). Restic is built to secure your data against such attackers, by encrypting it with AES-256 in counter mode and authenticating it using Poly1305-AES.
  • Efficient: With the growth of data, additional snapshots should only take the storage of the actual increment. Even more, duplicate data should be de-duplicated before it is actually written to the storage backend to save precious backup space.
  • Free: restic is free software and licensed under the BSD 2-Clause License and actively developed on GitHub.


Backward compatibility for backups is important so that our users are always able to restore saved data. Therefore restic follows Semantic Versioning to clearly define which versions are compatible. The repository and data structures contained therein are considered the “Public API” in the sense of Semantic Versioning.

We guarantee backward compatibility of all repositories within one major version; as long as we do not increment the major version, data can be read and restored. We strive to be fully backward compatible with all prior versions.


  • Fast, secure, efficient backup of Kubernetes volumes (even in ReadWriteOnce mode).
  • Automates configuration of restic for periodic backup.
  • Store backed up files in the various cloud storage provider, including S3, GCS, Azure, OpenStack Swift, DigitalOcean Spaces etc.
  • Restore backup easily.
  • Periodically check the integrity of backed up data.
  • Take the backup in offline mode.
  • Support workload initializer for faster backup.
  • Prometheus ready metrics for the backup process.

Tell us about a new Kubernetes application


Never miss a thing! Sign up for our newsletter to stay updated.


Discover and learn about everything Kubernetes