diff --git a/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
new file mode 100644
index 0000000..769cd0d
--- /dev/null
+++ b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@@ -0,0 +1,64 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+spec:
+  schedule: "24 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rclone
+            image: rclone/rclone:1.70
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: access-key
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: secret-key
+            volumeMounts:
+            - name: rclone-config
+              mountPath: /etc/rclone
+              readOnly: true
+            command:
+            - /bin/sh
+            - -c
+            - |
+              sleep 7d
+              # rclone sync remote-source:packages remote-destination:packages --config /etc/rclone/config
+          restartPolicy: OnFailure
+          volumes:
+          - name: rclone-config
+            secret:
+              secretName: forgejo-s3-backup
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+type: Opaque
+stringData:
+  config: |
+    [remote-source]
+    type = s3
+    provider = AWS
+    env_auth = true
+    endpoint = https://edp-forgejo-non-prod-observability.obs.eu-de.otc.t-systems.com
+    region = eu-de
+
+    [remote-destination]
+    type = s3
+    provider = AWS
+    env_auth = true
+    endpoint = https://edp-forgejo-backup-test-manu.obs.eu-de.otc.t-systems.com 
+    region = eu-de