Data backup and restore

Data overview

Data	Default Location	Contents	Backup Strategy
Airlock IAM Configuration Directory	/home/airlock/iam	All instance configuration files All log files	Must be backed up frequently
Data Source (Databases, LDAP, MSAD etc.)	N/A	All user and admin data.	Must be backed up frequently
Distribution	/opt/airlock-iam* (+ Docker image)	Distribution files that can be re-downloaded when needed.	Can be backed up less frequently

The chosen data layer has to be well managed and monitored. IAM is not responsible for operation and backup/recovery. For productive usage the data layer should be clustered.

Please refer to the documentation of your database or directory vendor.

Backing up the configuration directory

It is recommended that you back up the entire contents of the configuration directory regularly (e.g. using a task scheduler like "cron").

The configuration directory may contain sensitive configuration information (e.g. sensitive-values.properties containing the encryption passphrase for sensitive config values).

Depending on your backup setup, it may be advisable to either

move the file "sensitive-values.properties" to a folder that is not backed up

exclude the file from the backup.

Note that the sensitive config values cannot be recovered without the contents of the "sensitive-values.properties" file.

Backups should also be replicated to multiple physical locations.

Any backup solution capable of keeping a history of files can be used.

Restoring from a backup

Once the contents of the configuration directory are restored, Airlock IAM can be launched using the restored files and operation can be resumed.