Backups
Why export your backups from your managed Keycloak?
At Cloud-IAM, we firmly believe that your data belongs to you, and you should have the ability to retrieve and store it within your own infrastructure. With backups feature, Cloud-IAM allows you to easily export complete backups of the PostgreSQL database associated of your deployment.
Export backups are useful when you need to:
- Back up your environment on your own infrastructure
- Increase your redundancy and resilience in the event of a major outage from Cloud-IAM
- Ensure reversibility and data sovereignty if you decide to unsubscribe from Cloud-IAM
- Keep a local or offline backups of your data for compliance or auditing
With Cloud-IAM Managed Keycloak solution you always stay in control, you have the complete ownership of your data. The backups are kept 30 days on the Cloud-IAM storage.
What does backups history contain?
From Cloud-IAM console, each backup entry displays the following information:
- File name: The name of the backup file
- File size: The total size of the file in (MB)
- Creation date: The date and time when the backup was generated
- GPG Key ID(s): The identifier(s) of the GPG key(s) used to encrypt the backup
How to configure backups frequency?
Follow these steps to define the scheduled frequency and start time for your backups:
- Open Cloud-IAM console
- Select the Keycloak deployment you want to configure.
- Click on
Pilot - Select
Settingsfrom backups section - Specify
Time,UTCandFrequency - Then click on
Saveto confirm the backup frequency.
Once scheduled, next backups will be based on your new configuration.
How to configure backups locations?
Follow these steps to define the locations of your backups:
- Open Cloud-IAM console
- Select the Keycloak deployment you want to configure.
- Click on
Pilot - Select
Settingsfrom backups section - Specify the cloud provider location(s) for your backups from the drop-down list.
- Then click on
Saveto confirm the location(s).
Once configured, next backups will be based on your new configuration.
How to create a GPG key and import on Cloud-IAM console
If you want to use these backups, you need to register your public GPG key via the Cloud-IAM console on your organization settings. GPG (GNU Privacy Guard) is used for asymmetric encryption. Cloud-IAM will use your public key to encrypt the backup files, which can only be decrypted using the corresponding private key in your possession.
This approach ensures that only you, holding the private key, can access the unencrypted backup data. Once added, all future backups will be encrypted using both Cloud-IAM's internal GPG keys and all valid public keys associated with your organization. This ensures that you retain the ability to securely decrypt and restore backups within your own infrastructure.
To proceed and create and add your GPG key in your organization, follow the step-by-step guide.
👉 Create and Add GPG Key in your organisation
How to download keycloak backups through Cloud-IAM console?
Follow these steps to export your Keycloak data:
- Open Cloud-IAM console
- Select the Keycloak deployment you want to download backup.
- Click on
Pilot - Select
Listfrom backups section - Then Click on
↓to download the backup from backups history
After few second you will get access to a single .gpg file containing PostgreSQL database associated of your deployment.
How to restore a Backup
After downloading the backup to your infrastructure, we strongly recommend storing it securely and keeping it encrypted until restoration is required.
- Use the following command, to decrypt the file using your private GPG key:
$ gpg --output "$BACKUP_FILE" --decrypt "${BACKUP_FILE}.gpg"This command will generate a decrypted version of the backup file.
- Use the following command, to restore the backup into a fresh PostgreSQL database:
$ pg_restore -v --host=${DB_ADDR} --port=${DB_PORT} --user=${DB_USER} -Fc -c -d ${DB_DATABASE} ${BACKUP_FILE}