diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index cd185ae..c6351db 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -49,7 +49,10 @@ jobs:
             --set bookstack.db.password="${{ secrets.DB_PASSWORD }}" \
             --set bookstack.db.root_password="${{ secrets.ROOT_PASSWORD }}" \
             --set bookstack.mail.username="${{ secrets.MAIL_USERNAME }}" \
-            --set bookstack.mail.password="${{ secrets.MAIL_PASSWORD }}"
+            --set bookstack.mail.password="${{ secrets.MAIL_PASSWORD }}" \
+            --set bookstack.aws.backup_s3_url="${{ secrets.BACKUP_S3_URL }}" \ 
+            --set bookstack.aws.access_key_id="${{ secrets.ACCESS_KEY_ID }}" \ 
+            --set bookstack.aws.secret_access_key="${{ secrets.SECRET_ACCESS_KEY }}"
 
   deploy_to_prod1:
       name: Deploy to prod 1
@@ -94,3 +97,6 @@ jobs:
             --set bookstack.db.root_password="${{ secrets.ROOT_PASSWORD }}" \
             --set bookstack.mail.username="${{ secrets.MAIL_USERNAME }}" \
             --set bookstack.mail.password="${{ secrets.MAIL_PASSWORD }}"
+            --set bookstack.aws.backup_s3_url="${{ secrets.BACKUP_S3_URL }}" \ 
+            --set bookstack.aws.access_key_id="${{ secrets.ACCESS_KEY_ID }}" \ 
+            --set bookstack.aws.secret_access_key="${{ secrets.SECRET_ACCESS_KEY }}"
diff --git a/bookstack-helm/templates/backup.yaml b/bookstack-helm/templates/backup.yaml
new file mode 100644
index 0000000..0619471
--- /dev/null
+++ b/bookstack-helm/templates/backup.yaml
@@ -0,0 +1,67 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backupjob
+  namespace: {{ .Values.meshwiki_app_namespace }}
+spec:
+  schedule: {{ .Values.bookstack.backup.cron_schedule | quote }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: backupjob
+            image: "{{ .Values.db_image.repository }}:{{ .Values.db_image.tag }}"
+            imagePullPolicy: {{ .Values.db_image.pullPolicy }}
+            command:
+            - /bin/bash
+            - /backup.sh
+            volumeMounts:
+            - name: backup-script
+              mountPath: /backup.sh
+              subPath: backup.sh
+              readOnly: true
+            restartPolicy: OnFailure
+            env:
+            - name: DB_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: wikiconfig
+                  key: DB_HOST
+            - name: DB_DATABASE
+              valueFrom:
+                configMapKeyRef:
+                  name: wikiconfig
+                  key: DB_DATABASE
+            - name: DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: wiki-secrets
+                  key: db-username
+            - name: DB_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: wiki-secrets
+                  key: db-password
+            - name: BACKUP_S3_URL
+              valueFrom:
+                secretKeyRef:
+                  name: wiki-secrets
+                  key: backup-s3-url
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: wiki-secrets
+                  key: access-key-id
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: wiki-secrets
+                  key: secret-access-key
+          volumes:
+          - name: backup-script
+            configMap:
+              name: script
+              items:
+                - key: backup.sh
+                  path: backup.sh
diff --git a/bookstack-helm/templates/backupscript.yaml b/bookstack-helm/templates/backupscript.yaml
new file mode 100644
index 0000000..5c0d619
--- /dev/null
+++ b/bookstack-helm/templates/backupscript.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backup-script
+  namespace: {{ .Values.meshwiki_app_namespace }}
+data:
+  backup.sh: |
+    echo "Dumping db"
+    mysqldump -h "$DB_HOST" -u "$DB_USER" --password="$DB_PASS" "$DB_DATABASE" > wiki.sql
+    echo "Creating tarball"
+    backup_name="wiki_backup_$(date +%s).tar.gz"
+    tar -chzvf $backup_name wiki.sql /app/www/public/uploads/ /app/www/storage/uploads/
+    echo "push to s3"
+    apk add aws-cli
+    aws s3 cp ./$backup_name "$BACKUP_S3_URL"
\ No newline at end of file
diff --git a/bookstack-helm/templates/secrets.yaml b/bookstack-helm/templates/secrets.yaml
index 947fcf9..cb041d0 100644
--- a/bookstack-helm/templates/secrets.yaml
+++ b/bookstack-helm/templates/secrets.yaml
@@ -9,4 +9,7 @@ data:
   db-password: {{ .Values.bookstack.db.password | b64enc | quote }}
   db-root-password: {{ .Values.bookstack.db.root_password | b64enc | quote }}
   mail-username: {{ .Values.bookstack.mail.username | b64enc | quote }}
-  mail-password: {{ .Values.bookstack.mail.password | b64enc | quote }}
\ No newline at end of file
+  mail-password: {{ .Values.bookstack.mail.password | b64enc | quote }}
+  access-key-id: {{ .Values.bookstack.aws.access_key_id | b64enc | quote }}
+  secret-access-key: {{ .Values.bookstack.aws.secret_access_key | b64enc | quote }}
+  backup-s3-url: {{ .Values.bookstack.aws.backup_s3_url | b64enc | quote }}
\ No newline at end of file
diff --git a/bookstack-helm/values.yaml b/bookstack-helm/values.yaml
index b632700..a9c2e07 100644
--- a/bookstack-helm/values.yaml
+++ b/bookstack-helm/values.yaml
@@ -24,6 +24,8 @@ bookstack:
   config_pvc_size: 5Gi
   image_pvc_name: wikiimages
   image_pvc_size: 5Gi
+  backup:
+    cron_schedule: "33 3 * * *"
 
 image:
   repository: lscr.io/linuxserver/bookstack