Zero-knowledge restore

Decrypt your backup locally

Download the encrypted backup from the portal, decrypt it using your key, and restore it with your normal tools. Backup Verified cannot decrypt your data.

Step 1 — Download from the portal

In your dashboard, choose a backup and click Download. You will receive an encrypted file (for example: BV-1008_2026-02-24T02-15-00Z.bin.enc).

Tip: Keep the original filename. It typically includes a backup ID and timestamp for traceability.

Step 2 — Decrypt using your key

Use the same encryption key that was generated on your server. The key is stored in your config file. Backup Verified does not store or have access to it.

# Decrypt encrypted backup
./bv-agent decrypt \
  --in ./BV-1008_2026-02-24T02-15-00Z.bin.enc \
  --out ./backup.out \
  -config ./bv-agent.yml

The --out parameter can be:
• A file (e.g. backup.out)
• A directory (if restoring a tar archive directly)

Step 3 — Restore (examples)

After decryption, restore the backup using the tool appropriate for your original backup format.

MySQL

mysql -u USER -p DB_NAME < backup.out

PostgreSQL

# Plain SQL dump
psql -U USER DB_NAME < backup.out
# Custom format dump
pg_restore -U USER -d DB_NAME backup.out

Tar archive

tar -xzf backup.out -C /restore/target

The agent compresses backups before encryption, so decrypted tar archives are typically gzip-compressed.
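The following script is an added example, not part of bv-agent or its documentation: it inspects the leading bytes of the decrypted file and prints the matching restore command from Step 3, refusing anything it does not recognise. The function names detect_backup_format and restore_hint are hypothetical, a gzip stream is assumed to be a tar archive as described above, and the uncompressed-tar case goes beyond the formats listed on this page.

```shell
#!/bin/sh
# Added example (not part of bv-agent): classify a decrypted backup by its
# leading bytes so the matching restore command from Step 3 is chosen.

detect_backup_format() {
    f=$1
    [ -s "$f" ] || { echo "empty"; return 1; }

    # First five bytes as lowercase hex, e.g. "1f8b08..." for gzip.
    magic=$(head -c 5 "$f" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        1f8b*)      echo "gzip";      return 0 ;;  # gzip stream (assumed tar.gz)
        5047444d50) echo "pg_custom"; return 0 ;;  # "PGDMP": pg_dump custom format
    esac

    # An uncompressed tar archive carries "ustar" at byte offset 257.
    ustar=$(dd if="$f" bs=1 skip=257 count=5 2>/dev/null | tr -d '\000')
    [ "$ustar" = "ustar" ] && { echo "tar"; return 0; }

    # Plain SQL dumps name their producer in the header comments.
    header=$(head -c 512 "$f" | tr -d '\000')
    case "$header" in
        *"PostgreSQL database dump"*)    echo "pg_plain" ;;
        *"MySQL dump"*|*"MariaDB dump"*) echo "mysql" ;;
        *)                               echo "unknown"; return 1 ;;
    esac
}

# Map the detected format to the restore command shown in Step 3.
restore_hint() {
    case "$(detect_backup_format "$1")" in
        gzip)      echo "tar -xzf $1 -C /restore/target" ;;
        tar)       echo "tar -xf $1 -C /restore/target" ;;
        pg_custom) echo "pg_restore -U USER -d DB_NAME $1" ;;
        pg_plain)  echo "psql -U USER DB_NAME < $1" ;;
        mysql)     echo "mysql -u USER -p DB_NAME < $1" ;;
        *)         echo "unrecognised format: do not restore $1" >&2; return 1 ;;
    esac
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then restore_hint "$1"; fi
```

Run it as `sh detect.sh ./backup.out` in the staging environment before piping the file into a database client.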

Integrity note

Backup Verified verifies the encrypted object in managed storage. Decryption and restoration are performed entirely in your environment.

For additional assurance, consider performing periodic test restores in a staging environment.

Key management is your responsibility

If your encryption key is lost, Backup Verified cannot decrypt your backups or help recover them. Store multiple secure copies and consider offline backups.