Skip to content

Backup & Recovery

Protect your AegisAI data with regular PostgreSQL backups, Redis persistence, and documented recovery procedures.

What to Back Up

Component Data Priority
PostgreSQL Users, tenants, agents, policies, audit logs, anomalies, HITL Critical
Redis Pub/sub state, cached sessions Medium (rebuildable)
OPA policies Rego templates in policies/templates/ Low (in Git)
Storage Async export files in storage/ Medium
Environment .env, secrets Critical

Audit logs are compliance-critical

Audit logs may be subject to regulatory retention requirements (GDPR, HIPAA, FZ-152). Plan retention and backup accordingly.

PostgreSQL Backup

Manual Backup

# Docker
docker compose exec postgres pg_dump -U aegisai -Fc aegisai > aegisai_backup_$(date +%Y%m%d).dump

# Direct connection
pg_dump -h localhost -U aegisai -Fc aegisai > aegisai_backup.dump

Automated Daily Backup

#!/bin/bash
# /etc/cron.daily/aegisai-backup
BACKUP_DIR="/var/backups/aegisai"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"

docker compose -f /opt/aegisai/docker-compose.yml exec -T postgres \
  pg_dump -U aegisai -Fc aegisai > "$BACKUP_DIR/aegisai_$DATE.dump"

# Retain 30 days
find "$BACKUP_DIR" -name "aegisai_*.dump" -mtime +30 -delete

Point-in-Time Recovery (PITR)

For production, enable WAL archiving in PostgreSQL:

# postgresql.conf
wal_level = replica
archive_mode = on
archive_command = 'cp %p /var/lib/postgresql/wal_archive/%f'

Restore Procedure

Full Restore

# Stop the application
docker compose stop app frontend

# Drop and recreate database
docker compose exec postgres psql -U aegisai -c "DROP DATABASE IF EXISTS aegisai;"
docker compose exec postgres psql -U aegisai -c "CREATE DATABASE aegisai;"

# Restore from dump
docker compose exec -T postgres pg_restore -U aegisai -d aegisai < aegisai_backup.dump

# Run any pending migrations
docker compose run app poetry run alembic upgrade head

# Restart services
docker compose up -d

Verify Restore

# Health check
curl http://localhost:8000/api/v1/health/ready

# Verify data
curl http://localhost:8000/api/v1/stats -H "X-API-Key: <key>"
curl http://localhost:8000/api/v1/agents -H "X-API-Key: <key>"

Redis Backup

Redis data is primarily ephemeral (pub/sub, event bus). Enable persistence for session resilience:

# docker-compose.yml
redis:
  command: redis-server --appendonly yes
  volumes:
    - redis_data:/data

Manual Redis Backup

docker compose exec redis redis-cli BGSAVE
docker compose exec redis cp /data/dump.rdb /data/backup_$(date +%Y%m%d).rdb

Audit Log Export Backup

Export audit logs regularly for long-term compliance archives:

# Async export for large datasets
curl -X POST "http://localhost:8000/api/v1/audit/export/async?limit=100000" \
  -H "X-API-Key: <key>"

# Download and store offsite
curl "http://localhost:8000/api/v1/audit/export/download/<job_id>" \
  -H "X-API-Key: <key>" \
  -o audit_archive_$(date +%Y%m%d).jsonl

Store exports in S3, GCS, or encrypted local storage with appropriate retention policies.

Storage Directory

Async export files are stored in storage/:

# Backup storage directory
tar czf storage_backup_$(date +%Y%m%d).tar.gz storage/

Disaster Recovery Plan

Scenario RTO Target Procedure
Database corruption 1 hour Restore from latest pg_dump
Full server loss 4 hours Provision new VPS, restore DB, redeploy
Accidental data deletion 30 minutes Restore from backup, verify integrity
Redis failure 15 minutes Restart Redis (data rebuilds from events)
OPA failure 5 minutes Restart OPA (policies reload from templates)

Recovery Checklist

  1. Provision infrastructure (see VPS Deployment)
  2. Restore PostgreSQL from latest backup
  3. Run alembic upgrade head if needed
  4. Restore environment variables and secrets
  5. Start services: docker compose up -d
  6. Verify health: /api/v1/health/ready
  7. Verify data integrity: check agent count, recent audit logs
  8. Re-create super-admin if user table was empty
  9. Notify users of recovery completion

Backup Testing

Untested backups are not backups

Test restore procedures quarterly:

  1. Restore to a staging environment
  2. Verify all tables have expected row counts
  3. Confirm API endpoints return correct data
  4. Test login with restored user credentials
  5. Document any issues and update procedures

Retention Policies

Data Type Recommended Retention Storage
PostgreSQL daily backups 30 days Local + offsite
Audit log exports Per compliance requirement (1–7 years) Encrypted object storage
Redis snapshots 7 days Local
Application logs 90 days Log aggregation service