diff --git a/env.yml b/env.yml index 7db3ebd..a2b449b 100644 --- a/env.yml +++ b/env.yml @@ -51,12 +51,14 @@ projects: projects_to_backup: - etebase + - hedgedoc - synapse - vaultwarden borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg" borg_passphrase_file: /etc/borg-passphrase.txt +hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt" borg_prune_options: | --keep-within=1d --keep-daily=7 diff --git a/roles/borg-init/tasks/main.yml b/roles/borg-init/tasks/main.yml index 6dee7f6..11b05f5 100644 --- a/roles/borg-init/tasks/main.yml +++ b/roles/borg-init/tasks/main.yml @@ -21,6 +21,20 @@ group: root mode: '600' when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool + + - name: Get Hedgedoc MySQL root password file stat + stat: + path: "{{ hedgedoc_mysql_root_password_file }}" + register: hedgedoc_mysql_root_password_file_result + + - name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}" + template: + src: hedgedoc-mysql-root-password.txt + dest: "{{ hedgedoc_mysql_root_password_file }}" + owner: root + group: root + mode: '600' + when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool - name: Get borg repository stat stat: diff --git a/roles/borg-init/templates/hedgedoc-mysql-root-password.txt b/roles/borg-init/templates/hedgedoc-mysql-root-password.txt new file mode 100644 index 0000000..13e5932 --- /dev/null +++ b/roles/borg-init/templates/hedgedoc-mysql-root-password.txt @@ -0,0 +1 @@ +{{ hedgedoc_secrets['mysql_root_password'] }} diff --git a/roles/hedgedoc/tasks/backup.yml b/roles/hedgedoc/tasks/backup.yml new file mode 100644 index 0000000..5e1ca62 --- /dev/null +++ b/roles/hedgedoc/tasks/backup.yml 
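Review bot: The added "Template hedgedoc-mysql-root-password.txt" task in roles/borg-init/tasks/main.yml renders a credential without `no_log: true`, so a run with `--diff` can print the MySQL root password into console or job logs. Adding `no_log: true` (or at least `diff: false`) to that task keeps it out of the output. The same applies to the `MYSQL_PWD` entry of the exec task in roles/hedgedoc/tasks/backup.yml. The borg passphrase task above it starts outside the hunk, so I cannot tell whether it already sets this. The new task also makes borg-init fail on an undefined `hedgedoc_secrets['mysql_root_password']` whenever the file is missing, which looks like a case backup.yml expects to occur; consider adding `hedgedoc_secrets['mysql_root_password'] is defined` to the `when:` condition.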
@@ -0,0 +1,32 @@ +- name: Backup MySQL database + community.docker.docker_container_exec: + container: hedgedoc-mysql + docker_host: "unix:///run/user/{{ host_uid }}/docker.sock" + argv: + - /bin/bash + - "-c" + - "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql" + env: + MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}" + +- name: Create borg backup + command: + cmd: | + borg create + --compression=lzma + "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}" + {{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql + environment: + BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" + become: true + +- name: Prune borg repository + command: + cmd: | + borg prune + --glob-archives='{{ role_name }}-*' + {{ borg_prune_options }} + {{ borg_repodir }} + environment: + BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" + become: true diff --git a/roles/hedgedoc/tasks/main.yml b/roles/hedgedoc/tasks/main.yml index 15b33e7..ed95f38 100644 --- a/roles/hedgedoc/tasks/main.yml +++ b/roles/hedgedoc/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Include backup tasks + include_tasks: + file: backup.yml + when: run_backup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml
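Review bot: The `lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file)` fallback in the `MYSQL_PWD` expression of roles/hedgedoc/tasks/backup.yml is evaluated on the Ansible controller as the user running Ansible, whereas borg-init writes that file on the managed host as root with mode 600. Unless the play runs locally as root, the fallback will fail or read a different file. Reading the file on the target with `ansible.builtin.slurp` under `become: true` avoids that, as sketched below, and `no_log: true` on both tasks keeps the password out of task output. Separately, the dump stays in plain text at /var/lib/mysql/hedgedoc-dump.sql after `borg create`; consider removing it once the archive is written.

```yaml
- name: Read Hedgedoc MySQL root password from the managed host
  ansible.builtin.slurp:
    src: "{{ hedgedoc_mysql_root_password_file }}"
  register: hedgedoc_mysql_root_password_slurp
  become: true
  no_log: true
  when: hedgedoc_secrets['mysql_root_password'] is not defined

# … unchanged: "Backup MySQL database" task header, container, docker_host, argv …
    env:
      MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else (hedgedoc_mysql_root_password_slurp.content | b64decode | trim) }}"
  no_log: true
```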