Releases: nopoz/portrieve

v1.3.1

13 Jun 18:12
4ed2e65

Changes

Tighten PORTAINER_INSECURE to a single value

PORTAINER_INSECURE now enables only on the exact value true. The 1/yes aliases introduced in v1.3.0 are dropped in favor of one canonical, unambiguous opt-in that matches the YAML boolean convention (#20).

Full changelog: v1.3.0...v1.3.1

v1.3.0

13 Jun 18:07
1b707a6

Features

Opt-in PORTAINER_INSECURE flag to skip TLS verification

Portainer behind a self-signed or private certificate previously failed every API call with curl exit 60 and no recovery path. Set PORTAINER_INSECURE to true/1/yes to skip TLS verification for those calls; verification stays on by default.

The test preflight now detects curl exit 60 and reports a TLS-specific error naming the flag, instead of a generic unreachable-host message.

Maintenance

  • Alpine base bumped 3.23 -> 3.24 (#18).
  • CI action bumps: checkout, gitleaks-action, codeql-action, metadata-action.

Full changelog: v1.2.2...v1.3.0

v1.2.2

30 May 01:41
f1eda63

Fixes

Validate PORTAINER_BACKUP_UMASK and fail safe to 077

An unquoted PORTAINER_BACKUP_UMASK: 077 in a compose/YAML file is parsed as an octal integer (63 decimal) and reached the container as 63, which derived a world-readable 0604 for exported files (0714 for dirs) instead of the intended owner-only 0600/0700. The export path and the entrypoint reconcile now reject any value that is not 3-4 octal digits and fall back to 077 with a warning, so a mangled value fails safe instead of leaking.

Quoting remains the correct config: PORTAINER_BACKUP_UMASK: "077", PUID: "1000".

Docs

  • docker-compose.yml now shows the PORTAINER_BACKUP_UMASK / PUID / PGID vars as commented, quoted examples.
  • README documents file ownership/permissions and the YAML quoting rule for numeric values.

Full changelog: v1.2.1...v1.2.2

v1.2.1

30 May 01:29
3ef0cb8

Fixes

Export file modes now enforced with chmod, not just umask

PORTAINER_BACKUP_UMASK (v1.2.0) had no effect on filesystems with inherited ACLs, most notably Synology shared folders, which stamp an ACL on every newly created file that overrides the process umask. Exports there landed world-readable (755), including .env and stack metadata. Truncating writes also preserve an existing file's mode, so re-exports never tightened a pre-existing tree.

export now derives the file/dir modes from the umask and chmods the whole backup tree at the end of every run. chmod sticks where umask does not, so secrets end up owner-only (600, dirs 700 by default) on every run and on every filesystem. Verified on a live Synology DSM volume.
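
The fail-safe umask check described under v1.2.2 and the end-of-run chmod pass described here, sketched as an added example (not portrieve's own code). The function names are hypothetical, and the backup root is whatever directory you pass in.

```shell
#!/bin/sh
# Added example, not portrieve's code; function names are hypothetical.

# Accept only 3-4 octal digits; anything else falls back to 077 with a warning.
safe_umask() {
  case "$1" in
    [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) printf '%s\n' "$1" ;;
    *) echo "WARN: invalid umask '$1', falling back to 077" >&2
       printf '077\n' ;;
  esac
}

# Derive an octal mode from a base (666 for files, 777 for dirs) and a umask.
# The leading 0 makes the shell read both operands as octal.
mode_from_umask() {
  printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# chmod the whole tree after writing: chmod sticks where umask does not,
# and it also tightens files that existed before this run.
enforce_tree_modes() {
  root=$1
  um=$(safe_umask "$2")
  fmode=$(mode_from_umask 666 "$um")
  dmode=$(mode_from_umask 777 "$um")
  find "$root" -type f -exec chmod "$fmode" {} +
  find "$root" -depth -type d -exec chmod "$dmode" {} +
}

# Demo with the value from the release note: YAML turns an unquoted 077 into 63.
echo "63 used as-is: files $(mode_from_umask 666 63), dirs $(mode_from_umask 777 63)"
v=$(safe_umask 63)
echo "63 validated:  files $(mode_from_umask 666 "$v"), dirs $(mode_from_umask 777 "$v")"
```
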

Full changelog: v1.2.0...v1.2.1

v1.2.0

30 May 01:15
dd12f7b

What's new

Secure backup file permissions

Exports now default to a 077 umask, so backup files (.env, stack metadata, compose) are written owner-only (600) instead of world-readable 644. Override with PORTAINER_BACKUP_UMASK (for example 027 for group read).

Container file ownership (PUID/PGID)

Set PUID and PGID to own the exported files as a specific user. The container reconciles the existing backup tree (ownership and modes) and drops privileges via su-exec before running, so a legacy root-owned tree is normalized on the first run. Left unset, it runs as root as before, so existing deployments are unaffected.

Timestamped logs

Console output and entrypoint messages now carry timestamps, so docker logs shows when each line, and the last scheduled cron run, executed. Timestamps honor the container TZ.

Other

  • README badges now link to their targets (#8).

Full changelog: v1.1.1...v1.2.0

v1.1.1

30 May 00:44
e374780

Maintenance release. No changes to the script or its behavior.

  • Update the base image to Alpine 3.23.
  • Harden CI/CD: every action pinned to a commit SHA, build provenance
    attestation on the published image, and Trivy image scanning with results
    uploaded to code scanning.
  • Add workflow static analysis (zizmor, actionlint), Dockerfile linting
    (hadolint), and secret scanning (gitleaks).
  • Add Dependabot for the github-actions and docker ecosystems.

v1.1.0

25 May 17:55

What's new

Import any standard compose filename. --source and --stack previously matched only docker-compose.yml. They now also recognize compose.yaml, compose.yml, and docker-compose.yaml, deduping per directory by Docker's filename precedence.

This makes it easy to bulk-import pre-existing compose files (not just portrieve backups): arrange each stack in its own subdirectory and point --source at the parent, or import a single file with --compose. A sibling .env is picked up automatically.

```
# Bulk-import a folder of existing stacks onto endpoint 1
docker run --rm -e PORTAINER_URL=... -e PORTAINER_API_KEY=... \
  -v "$PWD/mystacks:/backup" ghcr.io/nopoz/portrieve:1.1.0 import --source /backup --endpoint 1
```

Fully backward compatible: existing docker-compose.yml backups import exactly as before.

Container image

```
docker pull ghcr.io/nopoz/portrieve:1.1.0
```

v1.0.0

25 May 17:22

First release of Portrieve.

Back up, restore, and migrate Portainer stacks through the Portainer API, as plain Docker Compose files you can read and commit.

Highlights

  • Export every stack across every endpoint to docker-compose.yml, .env, stack metadata, and per-endpoint networks.json. Sync-style: prunes backups for stacks/endpoints removed in Portainer.
  • Import backups (or any compose/.env) to the same or a different endpoint. Recreates external: true networks first, carrying over driver, labels, options, and IPAM so static-IP stacks keep working.
  • Discovery commands (test, endpoints, stacks) to inspect an instance and find import targets.
  • Safe by default: existing stacks are skipped unless --update; --dry-run previews every action.
  • Runs as a single Bash script or as a container with optional cron-scheduled backups.

Container image

```
docker pull ghcr.io/nopoz/portrieve:1.0.0
```