Key Features of Rewind for GitHub
Automatic Cloud Sync
Keep an additional backup copy on your own storage as long as you need. Rewind supports Amazon S3 and Azure Storage.
Audit Log for Enterprise Compliance
The audit log is a centralized stream of all system and user activity within your Rewind installation. Easily monitor your backups and account activity.
Backup Issues, Milestones, and More
Backups include not only the repository with all branches, but also all associated metadata, such as issues, milestones, pull requests, releases, wikis and more.
Daily Backup Snapshots
Rewind creates daily snapshots of all your backups. You can easily restore a previous state of your repository including metadata up to 365 days back in time.
Clone from Rewind Servers
You can clone any snapshot of your GitHub backup directly from Rewind. This means you can access your data anytime, even if GitHub is temporarily not available.
Download Repositories and Metadata
You can download the GitHub repository or metadata directly from Rewind without having to restore it back to GitHub.
Rewind is now proudly SOC 2, Type 2 compliant
Rewind is the leading third-party provider of SOC 2-compliant SaaS backups. Our full SOC report and detailed security portal are available upon request.

CCPA
GDPR
PIPEDA
SOC 2
SOC 3
Documentation
Overview of setup, installation, backup creation and updates, snapshots, cloud sync and data recovery.
Rewind Backups for GitHub is a cloud-to-cloud backup solution for GitHub repositories.
Backups include metadata, such as issues, and come with daily snapshots up to 30 days back in time.
With Rewind Backups for GitHub you can restore repositories and metadata to GitHub, clone from Rewind servers, as well as download your data.
Plans
You can purchase a plan for up to 1200 repository backups in GitHub Marketplace. Billing is handled through GitHub. If you need more backups or want to purchase an enterprise plan, contact us directly.
Each user/organization requires a separate plan.
Installation
Rewind Backups for GitHub is built as a GitHub App.
You install Rewind Backups for GitHub on each user/organization you want to create backups for.
During the installation, you grant read access to your repositories. Every repository you grant access to is backed up.
Once the installation is complete, you log in to Rewind Backups for GitHub with your GitHub user.
If you have installed Rewind Backups for GitHub for your GitHub organization, each member with the permission level “owner” can access backups.
→ How to install Rewind step by step
Backup creation, updates, snapshots and cloud syncing
Backup creation
For the initial backup, we clone the repositories and pull related metadata via the GitHub API.
Depending on the size of your repositories and the number of repositories you granted access to (as well as API rate limits), the initial backup can take up to a few hours.
The backup includes the complete git repository with all branches and commit history, as well as GitHub-related metadata associated with the repository, such as issues, milestones and so on.
→ See what’s included in the backup
Backup updates
To update the backup, we pull the repository and fetch new metadata. As an incremental update, the daily backup requires less time than the initial backup. We update the backups once a day. Updates are done during the night, Pacific Time.
Backup snapshots
Once the backup is complete, a snapshot of all backups is created so you can always roll back to a previous state of a backup.
We make daily snapshots and keep them for a maximum of 30 days.
→ Read more about snapshots and learn how to use them
Cloud Sync to Amazon S3
Connecting an Amazon S3 bucket gives you an independent copy of all backups.
When you connect an S3 bucket, we sync all your data to the bucket on a daily basis. Having your own copy lets you further customize and process your backups, e.g., store them locally, or keep snapshots longer than 30 days. Another benefit is being able to access your data anytime, even if GitHub and Rewind were to be down.
Data Recovery
Rewind Backups for GitHub provides several ways to recover your data.
Restore to GitHub
Restore to GitHub is done via the Rewind Backups for GitHub restore app, which requires write permissions to your GitHub account. The restore app first creates a new repository in your account. It then pushes the repository and restores the metadata via the GitHub API.
→ How to restore to GitHub step by step
Clone from Rewind
You can clone a repository directly from your backup on our servers, either from the current snapshot or from any previous snapshot available. For authentication, we use the SSH public key attached to your GitHub user.
→ Learn how to clone from BackHub step by step
Download backups
You can download the repository and metadata backup from the Rewind Vault user interface. The repository download contains the full git repository, including all branches and commit history. Metadata comes in JSON format.
Backups prevent data loss and are needed for compliance.
To prevent loss of data
There are many reasons for keeping an extra offsite backup of your repositories.
Users are the number one direct cause of data loss.
Here are a few scenarios that can lead to loss of data in a GitHub repository:
- Accidental deletion of a repository from GitHub
- Change of repository history with git-reset or git-rebase, resulting in data loss via a forced push
- Contents of an issue or milestone accidentally changed or deleted
- Rogue employee or hacker destroys your data
Besides user error or malfeasance, GitHub might accidentally lose your data.
With Rewind Backups for GitHub you can restore your current backup directly back to GitHub or roll back to a previous state of your repository and metadata from any of the backup snapshots up to 30 days back in time.
For compliance
Many of our customers also need backups for compliance. If you are going through a SOC2 audit, for example, you need a backup of your cloud data.
Installing Rewind from GitHub Marketplace.
These are the instructions to install Rewind with a plan from GitHub Marketplace. If you want to purchase an enterprise plan, see instructions here. Before installing you first choose a plan. You can try all our plans free for 14 days.
To purchase a plan:
1. Open GitHub Marketplace
2. Click “Set up a free trial”.

3. Choose a plan with the size that suits your needs. If you need plans larger than 1200 repositories, please contact sales.

The summary of your order displays.
4. Under “Billing information” choose the account for which you want to create backups.

Note: You need a separate plan and installation for your personal account and each organization.
5. When everything is correct, click “Complete order and begin installation”.

To install Rewind Backups for GitHub:
Next you manage repository access and permissions.
1. Grant access and permissions as appropriate.

Access. Rewind creates backups for all repositories you grant access to. If you grant access to “All repositories”, backups for all current and future repositories are created automatically. If you want to back up only certain repositories, choose “Only select repositories” and enter the names of the repositories you want to back up.
Permissions. Rewind requires read access to code. For backing up the metadata and to manage access to backups, read access to administration, issues, members, metadata, pull requests, and repository projects is also required.
2. Click “Install” to install Rewind. (GitHub may ask for your password to confirm the installation.)
To sign into Rewind:
1. Click on “Authorize backhub”.

You are redirected to backhub.co.
To create backups for your GitHub repositories:
On backhub.co an initial dialog displays with the number of repositories you granted access to, and the account for which you have installed Rewind.
1. To start creating backups, click “Create backups”.

A list of all backups displays. Backups are marked either in grey with the status “… pending” or with a yellow border and the status “… in progress”. Depending on the size and number of your repositories, creating the backups can take anywhere from a couple of minutes to a few hours.

Once the backups are successfully created, a timestamp with a green border displays.
2. Return to this page later if you want to check the status of your backups.

Install the restore app, set write permission, and remove it after restore.
The BackHub restore app must be installed before you can restore a backup.
For restoring a backup, write permission to at least one repository is necessary. The BackHub restore app is installed separately so that you can remove the app and its permissions after the restore has been completed.
The restore app automatically creates a new repository in your GitHub account with the name given in the restore dialog and restores the full repository and its metadata into this repository.
Install BackHub Restore app
1. Go to the GitHub App directory and start the installation.
2. During the installation process, limit access to “Select repositories” and pick any repository.
Any repository will do, because it is not possible to choose none. The restore app creates a new repository, so the selected repository here isn’t affected in any way.

Initiate restore
1. In Rewind, search for the repository to restore
2. Click the panel to open the details
3. In the panel footer, choose the snapshot to restore from
4. Click “Restore”

5. Open your GitHub account and check the restored repository. Depending on the size of your repository, the restore may take from a couple of minutes up to an hour to complete.
Note: Do not change anything in the repository while the restore is in progress (for example, don’t create an issue or try to commit).
Remove Restore app
After the restore has been completed, you can remove the Rewind restore app and its permission. This increases the security on your account.
1. Open the app settings at GitHub.
2. Select the organization from which to remove the app.
Useful information on how Rewind creates backups of your GitHub repositories and core features explained.
Back up GitHub repositories
- How to create a backup for your repositories
- Control which repositories to back up
- Automatically back up new repositories
- What is included in a backup
Backup Snapshots
Cloud Sync to Amazon S3
Audit Log
Complete git repository, metadata and most data available via the GitHub API included in every backup.
The backup consists of the complete git repository, including all branches, plus GitHub-related metadata associated with the repository, such as issues, milestones and so on.
We include most data available via the GitHub API associated with the repository. This currently includes:
Git Repository
- refs
- branches
- commits
- tags
- objects
- logs
Commit comments
- comment text
- creation date
- creator
- status open/closed
Releases *
Projects
- project columns
- project cards
Labels
Milestones
- status open/closed
- description
- due date
- associated issues
Issues *
- description
- creation date
- creator
- status open/closed
- comments (without reactions)
- assignee
- assigned labels
- assigned milestones
Pull Requests *
- description
- creation date
- creator
- status open/closed
- review comments (without reactions)
- assignee
- assigned labels
- assigned milestones
Pull requests are included in the backup, but can only be restored as issues due to limitations of the GitHub API.
Wiki
Wikis are included in the backup but cannot be automatically restored due to limitations of the GitHub API. Learn how to restore a wiki here.
* Note: When you include an image or another attachment, such as a ZIP file, the file is uploaded to GitHub’s CDN and then referenced by its URL in the issue or comment. The URL for the attachment is included in the backup, but the file itself is fetched from GitHub’s CDN.
Data Security
SOC 2 Compliant
Rewind is officially SOC 2 Compliant (Type 1) as of October 2021. Rewind’s SOC 2 report (Type 1) can be shared with a Non-Disclosure Agreement (NDA) to assist with your due diligence processes.
Data storage
Rewind is hosted on Amazon Web Services (AWS). AWS is a comprehensive cloud computing platform that features enterprise compute power and data storage along with a broad range of IT solutions and utilities.
Data center accreditation and provisions
Rewind data centers are accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).
Rewind’s data centers provide 24/7 manned security, video surveillance, and biometric access control, as well as multi-factor authentication locks. Here are more details about Amazon Web Services (AWS) security and privacy.
Data center locations
All Rewind data centers are located in Germany or the US. To minimize environmental risks, including flooding, extreme weather, and seismic activity, we select our data center locations according to optimal geographic assessments.
High availability
Rewind services are provided on fully-provisioned, redundant servers in case of failure. Redundant servers may include replica databases, multiple load balancers, and web servers. Rewind takes servers out of operation as part of our regular maintenance without any impact to availability.
Secure backup
Rewind creates regular encrypted backups of our data storage on Amazon Web Services (AWS). Encryption at rest and in transit is provided for all backups. In each 24 hour period, Rewind captures a full backup of customer data.
Production data loss is not a likely event, but should it ever occur, we restore all data from these backups.
We maintain backups for 30 days. After 30 days, the backups and all their data are destroyed in a secure manner.
Comprehensive logs
To prevent unauthorized access, Rewind maintains comprehensive transactional logs of all monitored system actions. Logs are pushed to a dedicated logging instance to prevent manipulation.
Third party services
For the list of all third party services that support Rewind, see the Data Processing Agreement (DPA) in Appendix 4.
Application Security
Encryption standards and practices
We adhere to the same type and degree of encryption as that of financial institutions. Rewind applies the industry standards HTTPS, 256-bit SSL, and AES. All databases are encrypted at rest and in transit. For credentials, all secrets are stored in an encrypted and access-restricted database. Third parties can neither view nor access Rewind network communications.
Authentication
Users must be authenticated in order to gain access to Rewind. Rewind uses different types of authentication, all designed and provided by GitHub, adhering to OAuth standards. Tokens are never stored persistently on our side, but instead are requested from GitHub on demand. User tokens are encrypted in transit and at rest, and have a very limited lifetime, after which they expire. We do not rely on user passwords, but instead on GitHub Authentication mechanisms. We never ask a customer for their user password or token.
User and application permissions
Access to a customer’s GitHub user is limited to a given scope. Rewind requests the minimal set of required GitHub permissions. Installations of Rewind require read-only permissions, limited to those resources that are stored in the backups. Customers can revoke any of these permissions at any time in GitHub settings.
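One way to check these grants from the customer side, as an added example that is not Rewind's or GitHub's own code: it audits installation records shaped like GitHub's app-installation objects (`app_slug`, `repository_selection`, `permissions`) against the read-only set listed in the installation steps above. The app slugs, the sample records, and the mapping of the page's permission names to API keys (for example "code" to `contents`) are assumptions of this example.

```python
import json

# Read-only permissions the page lists for the backup installation, expressed
# as GitHub App permission keys (this key mapping is an assumption).
DOCUMENTED_READ = {
    "contents", "administration", "issues", "members",
    "metadata", "pull_requests", "repository_projects",
}

# Constructed sample shaped like GitHub's app-installation records.
# App slugs are hypothetical placeholders, not the vendor's real slugs.
SAMPLE_INSTALLATIONS = json.loads("""
[
  {"app_slug": "example-backup-app", "repository_selection": "all",
   "permissions": {"contents": "read", "administration": "read",
                   "issues": "read", "members": "read", "metadata": "read",
                   "pull_requests": "read", "repository_projects": "read"}},
  {"app_slug": "example-restore-app", "repository_selection": "selected",
   "permissions": {"contents": "write", "administration": "write",
                   "issues": "write", "metadata": "read"}},
  {"app_slug": "example-drifted-app", "repository_selection": "all",
   "permissions": {"contents": "write", "metadata": "read",
                   "secrets": "read"}}
]
""")


def audit_installation(inst, read_only_slugs):
    """Return a list of findings for one installation record."""
    findings = []
    perms = inst.get("permissions", {})
    elevated = sorted(k for k, v in perms.items() if v != "read")
    if inst["app_slug"] in read_only_slugs:
        # A backup installation should never hold more than read access.
        findings += [f"{k}={perms[k]} exceeds read-only" for k in elevated]
        extra = sorted(set(perms) - DOCUMENTED_READ - set(elevated))
        findings += [f"{k}=read is outside the documented set" for k in extra]
    elif elevated:
        # Write-capable apps (such as a restore app) should be temporary.
        findings.append("write access present: " + ", ".join(elevated)
                        + "; remove the app once it is no longer needed")
    return findings


def audit(installations, read_only_slugs):
    """Map app slug -> findings, omitting installations with none."""
    report = {}
    for inst in installations:
        findings = audit_installation(inst, read_only_slugs)
        if findings:
            report[inst["app_slug"]] = findings
    return report


if __name__ == "__main__":
    ro = {"example-backup-app", "example-drifted-app"}
    for slug, items in audit(SAMPLE_INSTALLATIONS, ro).items():
        print(slug, "->", "; ".join(items))
```

Run it periodically against an export of your account's or organization's installed apps so that a leftover restore app or a permission change on the backup app shows up as a finding.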
Payment security
Subscriptions and payments are handled via the GitHub Marketplace. For enterprise plans and customers who have migrated from Rewind basic, payments are captured and stored securely by Stripe, a payment processing service that has been audited by a PCI-certified auditor.
The certification level of Stripe is PCI Service Provider Level 1, which is the most stringent standard in the payments industry. In addition, for all services, Stripe forces HTTPS using TLS (SSL), and encrypts card numbers on disk using AES-256. Decryption keys are stored on separate machines. Learn more about Stripe security and privacy.
Infrastructure Security
Data access and privacy
Your business data is kept private to you. In limited circumstances, including where required by law or for technical support, specific Rewind personnel may be allowed to access live or backup data, production systems, or information security systems. For details, see the BackHub Privacy Policy.
Risk assessment
Rewind commissions risk assessments to identify possible vulnerabilities in security or systems. We work to resolve all severe and critical issues with highest priority.
Downtime reporting and notification
Our platform minimizes the need for downtime, including common system upgrades that could necessitate an outage. In the rare event of scheduled downtime, we notify customers by email at least 24 hours in advance.
The current status of our application is constantly monitored and publicly reported on our status page.
Incident management
We request that you immediately report any and all suspected security or privacy incidents via technical, physical, or logical means to security@rewind.com for priority ticketing and resolution management.
Rewind also keeps specialists on retainer to assist in the event of any intrusion, data breach, DDoS attack, or other issues requiring additional support.
Corporate Security
General Data Protection Regulation (GDPR)
We’re compliant with the General Data Protection Regulation (GDPR). GDPR’s mission is to protect the private information of EU citizens and give them more control of their personal data. For businesses, GDPR aims to provide a more level playing field. Contact us for more details on how we comply with GDPR.
Background checking
Rewind management does thorough reference checks on all applicants prior to employment. When an employee is terminated, management immediately revokes all privileges and updates all relevant credentials.
Continuous Integration / Continuous Deployment (CI/CD)
Rewind uses continuous integration and deployment (CI/CD). This means that all code changes are committed, tested, built and shipped in a predefined and automated way. This decreases the likelihood of security issues while improving the internal response time to bugs and vulnerabilities and their effective eradication.
Security training
All Rewind employees receive onboarding and training on our development and production environment, infrastructure, coding guidelines, security policies, and deployment process.
Need to report a security vulnerability?
If you have found a security or privacy issue at Rewind, we ask that you follow our Vulnerability Disclosure Policy.
We work hard to keep Rewind safe for everyone. However, it is possible that unforeseen and potentially negative things may occasionally happen. We appreciate your help in disclosing any concerns to us in a timely manner.
We take security disclosures very seriously and consider them our highest priority. Please support us in making sure we understand the scope of the issue so we can effectively address your concern.
Rewind asks customers to act in good faith towards our users’ privacy and data during any disclosure. Specifically, we ask that you do not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability. Also, we respectfully ask that you do not post or share any data belonging to our users.
Thank you for using and supporting Rewind!