GitHub Copilot CLI — Backup Setup Procedure¶
Looking for the full restore guide?
See the Disaster Recovery & Device Migration Guide for complete step-by-step instructions on restoring to a new device or migrating GitHub accounts.
What This Guide Covers¶
This guide explains how to set up automated dual backups for your GitHub Copilot CLI configuration — keeping copies in both Personal OneDrive and Personal Google Drive.
Why two backups?
☕ Cloud Café analogy: Imagine you keep all your café recipes, training manuals, and staff records in the office safe (Personal OneDrive). But what if you move to a new kitchen (new device)? By keeping a second copy in your personal safe (Google Drive), you can set up a new device in minutes — no rebuilding from scratch.
Why Personal OneDrive, not Corp?
We originally backed up to Corp OneDrive (OneDrive - Microsoft). But Purview DLP scans detected mcp-config.json containing Microsoft Entra Client Secrets and blocked the file. Moved to Personal OneDrive on 2026-04-04 to avoid DLP alerts while keeping full backups including secrets.
What Gets Backed Up¶
| Item | Description | Location |
|---|---|---|
| Custom instructions | Your personalised Copilot CLI behaviour rules | ~\.copilot\ config files |
| MCP config | MCP server definitions (includes Entra credentials) | ~\.copilot\mcp-config.json |
| Secrets | GitHub PAT and other credentials | ~\.copilot\secrets\ |
| Session history | Past session states and context | ~\.copilot\session-state\ |
| Session search index | Searchable database of all past sessions | ~\.copilot\session-store.db |
| Learning docs source | MkDocs Markdown files (your learning portal content) | C:\ssClawy\learning-docs\docs\ |
What is NOT backed up (on purpose)
mcp-servers/— Installed packages, not config (can be reinstalled)logs/— Temporary session logs (not needed for restore)backups/,restart/— Temporary working directoriessession-store.db-shm,session-store.db-wal— SQLite runtime temp files (regenerated automatically)site/— The built website (regenerated from source withmkdocs build)
Architecture Overview¶
┌─────────────────────────────┐
│ Your PC (~\.copilot\) │
│ + learning-docs\ │
└─────────┬───────────────────┘
│ Daily at 9 AM (Scheduled Task)
▼
┌─────────────────────────────┐
│ Personal OneDrive │ ← PRIMARY
│ ~/OneDrive/ │
│ CopilotCLI_Backups/ │
│ ├── backup_2026-04-04_* │ ← timestamped snapshots (last 30 kept)
│ ├── backup_2026-04-03_* │
│ └── learning-docs-backup │ ← latest copy of learning docs
└─────────┬───────────────────┘
│ Automatic mirror (robocopy /MIR)
▼
┌─────────────────────────────┐
│ Google Drive │ ← SECONDARY (mirror)
│ G:\My Drive\ │
│ CopilotCLI_Backups\ │ ← exact mirror of Personal OneDrive backup
└─────────────────────────────┘
Setup Steps¶
Step 1 — Create the Backup Script¶
This PowerShell script does three things:
- Copies your
.copilotconfig (including secrets) to Personal OneDrive (timestamped folder) - Copies your learning-docs source to Personal OneDrive
- Mirrors everything to Google Drive
Create the file at ~\.copilot\backup-instructions.ps1:
# === COPILOT CLI BACKUP SCRIPT ===
# Runs daily via Windows Scheduled Task
# Backs up config to Personal OneDrive, then mirrors to Google Drive
# Note: Uses Personal OneDrive (not Corp) to avoid Purview DLP alerts on secrets
$copilotDir = "$env:USERPROFILE\.copilot"
$backupDir = "$env:USERPROFILE\OneDrive\CopilotCLI_Backups"
$timestamp = Get-Date -Format 'yyyy-MM-dd_HHmmss'
$backupFolder = "$backupDir\backup_$timestamp"
if (Test-Path $copilotDir) {
if (!(Test-Path $backupDir)) {
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
}
# Keep only last 30 backups (cleanup old ones)
$existing = Get-ChildItem "$backupDir\backup_*" -Directory -ErrorAction SilentlyContinue |
Sort-Object LastWriteTime -Descending | Select-Object -Skip 30
$existing | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
# Folders and files to exclude (large or temporary)
$excludeDirs = @('mcp-servers', 'logs', 'backups', 'restart')
$excludeFiles = @('session-store.db-shm', 'session-store.db-wal')
# Create timestamped backup folder
New-Item -ItemType Directory -Path $backupFolder -Force | Out-Null
# Copy config files (top-level files, excluding large DBs)
Get-ChildItem "$copilotDir\*" -File | Where-Object {
$_.Name -notin $excludeFiles
} | ForEach-Object {
Copy-Item $_.FullName "$backupFolder\" -Force
}
# Copy config folders (excluding large/temporary ones)
Get-ChildItem "$copilotDir" -Directory | Where-Object {
$_.Name -notin $excludeDirs
} | ForEach-Object {
Copy-Item $_.FullName "$backupFolder\$($_.Name)" -Recurse -Force
}
}
# Backup learning-docs (Markdown source only, not the built site/)
$learningDocsDir = "C:\ssClawy\learning-docs"
if (Test-Path $learningDocsDir) {
$docsBackup = "$backupDir\learning-docs-backup"
# Replace with latest copy each time
if (Test-Path $docsBackup) { Remove-Item $docsBackup -Recurse -Force }
New-Item -ItemType Directory -Path $docsBackup -Force | Out-Null
# Copy mkdocs.yml config
Copy-Item "$learningDocsDir\mkdocs.yml" "$docsBackup\" -Force -ErrorAction SilentlyContinue
# Copy docs/ folder (all Markdown content)
if (Test-Path "$learningDocsDir\docs") {
Copy-Item "$learningDocsDir\docs" "$docsBackup\docs" -Recurse -Force
}
}
# --- Google Drive Mirror ---
# Mirrors the entire Personal OneDrive backup to personal Google Drive
$googleDriveBackup = "G:\My Drive\CopilotCLI_Backups"
if (Test-Path "G:\My Drive") {
if (!(Test-Path $googleDriveBackup)) {
New-Item -ItemType Directory -Path $googleDriveBackup -Force | Out-Null
}
# /MIR = exact mirror, /R:2 /W:1 = retry settings
robocopy $backupDir $googleDriveBackup /MIR /R:2 /W:1 /NJH /NJS /NP /NFL /NDL | Out-Null
}
Step 2 — Create the Windows Scheduled Task¶
This makes the backup run automatically every day at 9:00 AM.
Open PowerShell as Administrator and run:
# Define the scheduled task
$action = New-ScheduledTaskAction `
-Execute "pwsh.exe" `
-Argument '-NoProfile -WindowStyle Hidden -File "C:\Users\ssutheesh\.copilot\backup-instructions.ps1"'
$trigger = New-ScheduledTaskTrigger -Daily -At "09:00"
$settings = New-ScheduledTaskSettingsSet `
-AllowStartIfOnBatteries `
-DontStopIfGoingOnBatteries `
-StartWhenAvailable
# Register the task
Register-ScheduledTask `
-TaskName "CopilotCLI_BackupInstructions" `
-Action $action `
-Trigger $trigger `
-Settings $settings `
-Description "Daily backup of Copilot CLI custom instructions to Personal OneDrive"
What each flag means
| Flag | Plain English |
|---|---|
-NoProfile |
Don't load your PowerShell profile (faster startup) |
-WindowStyle Hidden |
Run silently in the background (no popup window) |
-Daily -At "09:00" |
Run every day at 9 AM |
-AllowStartIfOnBatteries |
Still runs on laptop battery |
-StartWhenAvailable |
If you were offline at 9 AM, runs when you're back |
Step 3 — Set Up Google Drive (One-Time)¶
Prerequisites:
- Google Drive for Desktop installed and signed in
- Google Drive should mount as the
G:\drive
Create the Google Drive backup folder:
Do an initial sync:
robocopy "$env:USERPROFILE\OneDrive\CopilotCLI_Backups" "G:\My Drive\CopilotCLI_Backups" /MIR /R:2 /W:1
After this, the daily scheduled task handles everything automatically.
How to Verify It's Working¶
Check the scheduled task is running¶
Expected output: State = Ready
Check backup folder contents¶
# Personal OneDrive backups
Get-ChildItem "$env:USERPROFILE\OneDrive\CopilotCLI_Backups\backup_*" -Directory |
Sort-Object LastWriteTime -Descending | Select-Object Name, LastWriteTime -First 5
# Google Drive mirror
Get-ChildItem "G:\My Drive\CopilotCLI_Backups\backup_*" -Directory |
Sort-Object LastWriteTime -Descending | Select-Object Name, LastWriteTime -First 5
Compare file counts (should match)¶
$personal = (Get-ChildItem "$env:USERPROFILE\OneDrive\CopilotCLI_Backups" -Recurse -File).Count
$google = (Get-ChildItem "G:\My Drive\CopilotCLI_Backups" -Recurse -File).Count
Write-Host "Personal OneDrive: $personal files | Google Drive: $google files"
Verify secrets are included¶
$latest = Get-ChildItem "$env:USERPROFILE\OneDrive\CopilotCLI_Backups\backup_*" -Directory |
Sort-Object Name -Descending | Select-Object -First 1
Write-Host "mcp-config.json: $(Test-Path (Join-Path $latest.FullName 'mcp-config.json'))"
Write-Host "secrets/: $(Test-Path (Join-Path $latest.FullName 'secrets'))"
Expected: Both True
How to Restore on a New Device¶
If you get a new device (personal or corp), follow these steps to restore everything:
1. Install Google Drive for Desktop¶
Download from google.com/drive/download and sign in. Your backup will sync to G:\My Drive\CopilotCLI_Backups\.
2. Install GitHub Copilot CLI¶
3. Restore your config¶
# Find the latest backup snapshot
$latestBackup = Get-ChildItem "G:\My Drive\CopilotCLI_Backups\backup_*" -Directory |
Sort-Object Name -Descending | Select-Object -First 1
# Copy it back to .copilot (includes mcp-config.json and secrets/)
Copy-Item "$($latestBackup.FullName)\*" "$env:USERPROFILE\.copilot\" -Recurse -Force
Write-Host "Restored from: $($latestBackup.Name)"
4. Restore learning docs¶
# Copy learning docs source back
$docsBackup = "G:\My Drive\CopilotCLI_Backups\learning-docs-backup"
Copy-Item "$docsBackup\*" "C:\ssClawy\learning-docs\" -Recurse -Force
5. Rebuild the learning portal site¶
Change Log¶
| Date | Change |
|---|---|
| 2026-03-27 | Initial setup — Corp OneDrive + Google Drive |
| 2026-04-04 | Moved from Corp to Personal OneDrive — Purview DLP flagged mcp-config.json (Entra client secrets). Added secrets/ and mcp-config.json to backup. Removed manual sync script. |
Key Concepts Explained¶
| Term | What it means |
|---|---|
| robocopy /MIR | "Mirror" — makes the destination an exact copy of the source. Adds new files, updates changed files, and removes files that no longer exist in the source |
| Scheduled Task | A Windows feature that runs a script automatically at a set time — like an alarm clock for your computer |
| Timestamped backup | Each backup is saved in a folder named with the date/time (e.g., backup_2026-04-04_150519), so you can go back to any point in time |
| 30-backup retention | Only the last 30 backups are kept — older ones are automatically deleted to save space |
| Purview DLP | Microsoft's Data Loss Prevention — scans Corp OneDrive for sensitive data (passwords, secrets, API keys) and blocks/alerts when found |
Summary
Your Copilot CLI config (including secrets) is backed up automatically every day to two personal cloud locations. If you ever switch devices, you can restore everything in under 5 minutes using the steps above.