backrest-mcp
Provides optional InfluxDB metrics integration, emitting tool call metrics (measurement 'backrest_tool' with 'tool' tag and 'duration_ms' field) to InfluxDB for monitoring.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@backrest-mcplist my recent snapshots"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
backrest-mcp
MCP server for Backrest — a web UI and orchestrator for restic backups.
Python/FastMCP rewrite of backrest-mcp-server. Covers the full useful surface of the Backrest REST API with layered safety controls to protect backup data.
Tools
Tool | Description | Requires |
| Read Backrest configuration (repos, plans) | — |
| List snapshots, optionally filtered by repo or plan | — |
| Browse files within a snapshot | — |
| 30-day dashboard stats per repo and plan | — |
| Recent operation history with status icons | — |
| Trigger a backup plan (dry_run supported) |
|
| Run maintenance: prune/check/stats/unlock/index |
|
| Cancel a running operation |
|
| Permanently forget a snapshot (confirm token required) |
|
| Restore snapshot to a staging path |
|
Default state: read-only — only the top 5 tools are registered. No write calls are possible without explicit opt-in.
Related MCP server: spanning-mcp
Safety Controls
Backups are critical data. Four controls gate write and destructive operations:
1. Read-only mode (default: on)
BACKREST_READONLY=true # no write tools registered (default)
BACKREST_READONLY=false # enables trigger_backup, do_repo_task, cancel_operation2. Destructive gate (default: off)
BACKREST_ALLOW_DESTRUCTIVE=false # forget/restore never registered (default)
BACKREST_ALLOW_DESTRUCTIVE=true # enables forget_snapshot, restore_snapshot
# requires BACKREST_READONLY=false3. Forget confirmation token
forget_snapshot requires confirm=f"FORGET:{snapshot_id}". The caller must name the exact snapshot being deleted.
4. Restore path guard
restore_snapshot validates the target path against BACKREST_RESTORE_ALLOWED_PREFIX (default: /tmp/backrest-restore/) using os.path.realpath(). Path traversal attempts are blocked. After verifying restored files, move them manually.
5. Audit log
Set BACKREST_AUDIT_LOG=/path/to/audit.jsonl to log all write operations. Credential values are never included.
Configuration
Env var | Default | Purpose |
|
| Backrest base URL |
| — | Basic Auth username (optional) |
| — | Basic Auth password |
|
| Disable all write tools |
|
| Enable forget/restore (requires READONLY=false) |
|
| Restore target path guard |
| — | JSONL audit log for write ops |
|
| Logging verbosity |
| stderr | Log file path |
| — | Optional InfluxDB metrics |
Install
python3 -m venv .venv
source .venv/bin/activate
pip install -e .For development/testing:
pip install -e ".[dev]"
pytestDeployment (PM2)
An ecosystem.config.js is included for PM2-managed deployment. Credentials are injected
via --env-file to avoid storing them in the config file:
cd /path/to/backrest-mcp
pm2 start ecosystem.config.js --env-file /path/to/secrets.envThe secrets file must contain BACKREST_USERNAME and BACKREST_PASSWORD. All other settings
default safely in ecosystem.config.js (BACKREST_READONLY=true, BACKREST_ALLOW_DESTRUCTIVE=false).
The server runs in stdio mode via the backrest-mcp entry point. To expose over HTTP,
use a FastMCP HTTP wrapper or proxy.
Claude Desktop Config
{
"mcpServers": {
"backrest": {
"command": "/path/to/backrest-mcp/.venv/bin/python",
"args": ["-m", "backrest_mcp.server"],
"env": {
"BACKREST_URL": "http://localhost:9898",
"BACKREST_USERNAME": "your-username",
"BACKREST_PASSWORD": "your-password",
"BACKREST_READONLY": "true"
}
}
}
}Omit BACKREST_USERNAME and BACKREST_PASSWORD if Backrest auth is disabled.
TLS
If connecting to an HTTPS endpoint with a private or self-signed CA:
REQUESTS_CA_BUNDLE=/path/to/ca.crthttpx respects this env var. Do not disable TLS verification.
Observability
Structured JSON logs via structlog. LOG_LEVEL controls verbosity (default: INFO). Set
LOG_FILE to write to a file instead of stderr.
Optional InfluxDB metrics via pip install -e ".[influxdb]":
Env var | Purpose |
| InfluxDB write URL |
| Auth token |
| Organization |
| Bucket (default: |
Each tool call emits a backrest_tool measurement with tool tag and duration_ms field.
Auth Architecture
Credentials flow: env vars → BackrestClient.__init__ → httpx Basic Auth tuple → Authorization header.
Credentials are never written to logs, audit entries, or MCP tool responses.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/TadMSTR/backrest-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server