
OpenClaw Workspace Backup and Restore in 2026: Move ~/.openclaw Safely to a Cloud Mac mini

MacHTML Lab | 2026.04.03 | 17 min read

You resized a volume, rebuilt a rented Mac mini, or need a hot standby gateway in another region—now you must move OpenClaw without corrupting tokens, skills, or LaunchAgent paths. Treat ~/.openclaw like a database: quiesce writers, snapshot consistently, and validate readers. This playbook covers tarball versus rsync trade-offs, how to share archives with security without leaking keys, and the exact openclaw doctor checks before you cut traffic over. Cross-link with the upgrade checklist, env profile hygiene, and gateway diagnostics for deeper dives.

What belongs in a backup

At minimum capture ~/.openclaw including openclaw.json, installed skills under skills, gateway logs if your compliance team mandates 90-day retention mirrors, and any custom hooks. If agents live in ~/.agents or project-level .agents trees, include those paths in the manifest so restores do not silently drop tool definitions.

Exclude bulky regenerable folders only after you document how to rebuild them: npm caches, temporary model downloads, and browser profiles used for automation screenshots. A typical production archive runs 120–400 MB compressed without models; with local LLM weights, split backups—config tarball plus artifact sync—to keep support tickets movable.

Tarball vs rsync

Method | Best for | Watchouts
------ | -------- | ---------
tar czf | Point-in-time handoff to security or S3 | Ensure gateway stopped; verify checksum shasum -a 256
rsync -aH | Incremental drift correction between staging hosts | Preserve xattrs if your stack relies on them; mind trailing slashes
APFS snapshot | Same-machine rollback before risky upgrades | Not a substitute for off-box disaster recovery

When migrating to a fresh cloud Mac, tarball plus checksum uploads faster over residential uplinks than repeated rsync passes. When both hosts sit on the same VLAN, rsync often finishes in under 6 minutes for a 250 MB tree—pick based on network, not dogma.

Secrets and compliance

Never attach raw .env files to tickets. For audits, generate a redacted tree listing with hashed filenames and store actual secrets in your vault. If you must move keys, rotate them during migration: issue new Slack bot tokens and Discord webhooks on the destination host, then revoke the old ones after doctor probes succeed.

SOC2-minded teams keep two artifacts: (1) encrypted full backup for break-glass, (2) sanitized archive for engineering replay. Document the retention window—many startups choose 35 days for sanitized copies and 1 year for encrypted vault objects.

Restore order on the new Mac

  1. Install the same Node 22 LTS minor you recorded pre-migration; drift here causes native module mismatches.
  2. Create the service user (often your SSH login) and unpack into its home with correct UID/GID.
  3. Reinstall the openclaw CLI globally or via the approved package manager path.
  4. Reload LaunchAgent plist or systemd equivalent; on macOS run launchctl bootstrap per your onboarding doc.
  5. Reapply TCC permissions—screen recording, automation—because they are machine-local.

Expect 15–25 minutes of human time for TCC clicks when moving between cloud tenants; batch them on a VNC session to avoid partial grants.

Validation matrix

Before DNS cutover, run through this checklist and log timestamps in the change ticket:

  • openclaw doctor exits zero with the same warning budget you accepted on the source host.
  • Channel probes deliver a synthetic message round-trip within 30 seconds.
  • Disk free space exceeds 20% on APFS after unpacking models or caches.
  • CPU idle stays below 35% during a canned prompt replay of your top 10 automation flows.

If any step fails, roll back DNS and keep the old gateway up—cloud Mac snapshots make this a 5-minute revert when you snapshotted immediately pre-cutover.
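
A gate script for two items of the checklist above (doctor exit code and the 20% disk floor) that writes a UTC-timestamped line per check for the change ticket. This is an added example, not part of the original article or of OpenClaw; the function names and log format are assumptions, and the channel probe and CPU replay are left out because they depend on your setup.

```shell
#!/bin/sh
# Added example: pre-cutover gate with timestamped results.

# free_pct PATH -> integer percent of free space on the volume holding PATH
free_pct() {
    df -Pk "$1" | awk 'NR == 2 { printf "%d\n", ($4 * 100) / $2 }'
}

# disk_ok PATH -> 0 when free space exceeds the 20% floor from the checklist
disk_ok() { [ "$(free_pct "$1")" -gt 20 ]; }

# run_check LOG NAME CMD...
# Runs CMD, appends "<UTC time> PASS|FAIL NAME" to LOG, returns CMD's verdict.
run_check() (
    log=$1 name=$2
    shift 2
    if "$@" >/dev/null 2>&1; then result=PASS; else result=FAIL; fi
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$result" "$name" >> "$log"
    [ "$result" = PASS ]
)

# precutover_gate LOG PATH DOCTOR_CMD...
# Runs every check even after a failure so the ticket shows the full picture;
# returns 0 only if all passed.
precutover_gate() (
    log=$1 path=$2
    shift 2
    failed=0
    run_check "$log" "doctor exits zero" "$@" || failed=1
    run_check "$log" "disk free above 20% on $path" disk_ok "$path" || failed=1
    exit "$failed"
)

# Usage on the destination host:
#   precutover_gate cutover.log "$HOME" openclaw doctor || echo "do not cut over"
```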

Automation tip

Store a BACKUP_MANIFEST.txt beside each archive listing OpenClaw version, Node version, OS build, and checksum. Future you—and the on-call engineer at 2 a.m.—will thank you. Tie manifest generation to your weekly cron already described in our LaunchAgent article series.

When not to clone blindly

If the source machine was compromised, rebuild from known-good configs instead of copying the entire home tree. Use the sanitized archive plus freshly rotated credentials; malware persistence hiding in LaunchAgents has burned teams who prioritized speed over hygiene.

Bandwidth and time-boxing

Uploading a 400 MB tarball over a 25 Mbps uplink takes about 2.5 minutes in theory—double that for TLS overhead and retry frames. Schedule migrations outside webhook-heavy windows; pause marketing automations that hammer your gateway during the cutover window. Teams in APAC often pick UTC 02:00 when US traffic dips but EU morning spikes have not started.

For multi-host fleets, promote backups from staging to production using a signed artifact pipeline: upload tarball to internal object storage with SSE-KMS, fetch on the new Mac with a one-time download URL expiring in 60 minutes, then delete the object. This pattern satisfies auditors who dislike long-lived public links.

Skills and plugins after restore

Pinned skills under ~/.openclaw/skills should reappear verbatim, but run openclaw skills list and compare counts against your manifest. If a plugin pulled binaries during install, confirm their architecture matches Apple Silicon on the destination. Mismatches usually surface as spawn ENOEXEC in logs within the first three automated tasks—catch them before customer-facing channels reconnect.

Document a quarterly “fire drill”: restore last week’s backup onto a fresh mini, run doctor, and tear down. Teams that invest 90 minutes per quarter report 40% fewer Sev-2 incidents during real migrations, according to internal postmortems we reviewed across MacHTML tenants—mostly because manifests stayed honest.

Observability should not move blindly either. If you ship logs to a local file on the old host, replicate the sink configuration before cutover or you will debug blind for the first hour. Point filebeat—or your macOS-friendly agent—at the same Elasticsearch index with a new host.name label so dashboards stay continuous while you compare error rates side by side for 48 hours.

Lastly, keep a printed runbook PDF—even if ironic for a cloud shop. When DNS and VPNs misbehave, an offline checklist beats a wiki you cannot reach. Store the PDF version string next to your OpenClaw semver so auditors can map documents to running code. Label the USB stick with the restore date in ISO format.

FAQ

Can I sync ~/.openclaw with Dropbox?

Strongly discouraged—file watchers race with the gateway, and cloud sync tools have caused partial writes mid-json save. Use explicit backups on a schedule instead.

Do I need the same hostname?

Some webhook URLs embed hostnames. Update allowed origins and callback URLs when the hostname changes; doctor flags mismatches quickly if you probe channels.

What about Apple Silicon vs Intel archives?

Config transfers fine; native binaries inside skill dependencies may need rebuild. Budget an extra 20 minutes for npm rebuild when crossing architectures.

OpenClaw shines when the underlying Mac is stable, always-on, and easy to snapshot. Apple Silicon Mac mini nodes give you native Keychain behavior, predictable USB security key support, and whisper-quiet thermals for 24/7 gateways—without another capital purchase every refresh cycle. MacHTML supplies bare-metal rentals with SSH/VNC so you can practice backup/restore drills on disposable hosts, promote the winning image, and decommission the rest. Elastic Mac capacity beats parking idle hardware under a desk between incidents.
