Data backup and restore
Data overview
Data | Default Location | Contents | Backup Strategy |
|---|---|---|---|
Airlock IAM Configuration Directory | /home/airlock/iam |
| Must be backed up frequently |
Data Source (Databases, LDAP, MSAD etc.) | N/A | All user and admin data. | Must be backed up frequently |
Distribution | /opt/airlock-iam* (+ Docker image) | Distribution files that can be re-downloaded when needed. | Can be backed up less frequently |
The chosen data layer has to be well managed and monitored. IAM is not responsible for operation and backup/recovery. For productive usage the data layer should be clustered.
Please refer to the documentation of your database or directory vendor.
Backing up the configuration directory
It is recommended that you back up the entire contents of the configuration directory regularly (e.g. using a task scheduler like “cron”).
The configuration directory may contain sensitive configuration information (e.g. sensitive-values.properties containing the encryption passphrase for sensitive config values).
Depending on your backup setup, it may be advisable to either
- move the file “sensitive-values.properties” to a folder that is not backed up
or
- exclude the file from the backup.
Note that the sensitive config values cannot be recovered without the contents of the “sensitive-values.properties” file.
Backups should also be replicated to multiple physical locations.
Any backup solution capable of keeping a history of files can be used.
Restoring from a backup
Once the contents of the configuration directory are restored, Airlock IAM can be launched using the restored files and operation can be resumed.