Backup & Recovery¶
Protect your AegisAI data with regular PostgreSQL backups, Redis persistence, and documented recovery procedures.
What to Back Up¶
| Component | Data | Priority |
|---|---|---|
| PostgreSQL | Users, tenants, agents, policies, audit logs, anomalies, HITL | Critical |
| Redis | Pub/sub state, cached sessions | Medium (rebuildable) |
| OPA policies | Rego templates in policies/templates/ |
Low (in Git) |
| Storage | Async export files in storage/ |
Medium |
| Environment | .env, secrets |
Critical |
Audit logs are compliance-critical
Audit logs may be subject to regulatory retention requirements (GDPR, HIPAA, FZ-152). Plan retention and backup accordingly.
PostgreSQL Backup¶
Manual Backup¶
# Docker
docker compose exec postgres pg_dump -U aegisai -Fc aegisai > aegisai_backup_$(date +%Y%m%d).dump
# Direct connection
pg_dump -h localhost -U aegisai -Fc aegisai > aegisai_backup.dump
Automated Daily Backup¶
#!/bin/bash
# /etc/cron.daily/aegisai-backup
BACKUP_DIR="/var/backups/aegisai"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"
docker compose -f /opt/aegisai/docker-compose.yml exec -T postgres \
pg_dump -U aegisai -Fc aegisai > "$BACKUP_DIR/aegisai_$DATE.dump"
# Retain 30 days
find "$BACKUP_DIR" -name "aegisai_*.dump" -mtime +30 -delete
Point-in-Time Recovery (PITR)¶
For production, enable WAL archiving in PostgreSQL:
# postgresql.conf
wal_level = replica
archive_mode = on
archive_command = 'cp %p /var/lib/postgresql/wal_archive/%f'
Restore Procedure¶
Full Restore¶
# Stop the application
docker compose stop app frontend
# Drop and recreate database
docker compose exec postgres psql -U aegisai -c "DROP DATABASE IF EXISTS aegisai;"
docker compose exec postgres psql -U aegisai -c "CREATE DATABASE aegisai;"
# Restore from dump
docker compose exec -T postgres pg_restore -U aegisai -d aegisai < aegisai_backup.dump
# Run any pending migrations
docker compose run app poetry run alembic upgrade head
# Restart services
docker compose up -d
Verify Restore¶
# Health check
curl http://localhost:8000/api/v1/health/ready
# Verify data
curl http://localhost:8000/api/v1/stats -H "X-API-Key: <key>"
curl http://localhost:8000/api/v1/agents -H "X-API-Key: <key>"
Redis Backup¶
Redis data is primarily ephemeral (pub/sub, event bus). Enable persistence for session resilience:
Manual Redis Backup¶
docker compose exec redis redis-cli BGSAVE
docker compose exec redis cp /data/dump.rdb /data/backup_$(date +%Y%m%d).rdb
Audit Log Export Backup¶
Export audit logs regularly for long-term compliance archives:
# Async export for large datasets
curl -X POST "http://localhost:8000/api/v1/audit/export/async?limit=100000" \
-H "X-API-Key: <key>"
# Download and store offsite
curl "http://localhost:8000/api/v1/audit/export/download/<job_id>" \
-H "X-API-Key: <key>" \
-o audit_archive_$(date +%Y%m%d).jsonl
Store exports in S3, GCS, or encrypted local storage with appropriate retention policies.
Storage Directory¶
Async export files are stored in storage/:
Disaster Recovery Plan¶
| Scenario | RTO Target | Procedure |
|---|---|---|
| Database corruption | 1 hour | Restore from latest pg_dump |
| Full server loss | 4 hours | Provision new VPS, restore DB, redeploy |
| Accidental data deletion | 30 minutes | Restore from backup, verify integrity |
| Redis failure | 15 minutes | Restart Redis (data rebuilds from events) |
| OPA failure | 5 minutes | Restart OPA (policies reload from templates) |
Recovery Checklist¶
- Provision infrastructure (see VPS Deployment)
- Restore PostgreSQL from latest backup
- Run
alembic upgrade headif needed - Restore environment variables and secrets
- Start services:
docker compose up -d - Verify health:
/api/v1/health/ready - Verify data integrity: check agent count, recent audit logs
- Re-create super-admin if user table was empty
- Notify users of recovery completion
Backup Testing¶
Untested backups are not backups
Test restore procedures quarterly:
- Restore to a staging environment
- Verify all tables have expected row counts
- Confirm API endpoints return correct data
- Test login with restored user credentials
- Document any issues and update procedures
Retention Policies¶
| Data Type | Recommended Retention | Storage |
|---|---|---|
| PostgreSQL daily backups | 30 days | Local + offsite |
| Audit log exports | Per compliance requirement (1–7 years) | Encrypted object storage |
| Redis snapshots | 7 days | Local |
| Application logs | 90 days | Log aggregation service |
Related Documentation¶
- Deployment — infrastructure setup
- Monitoring — health checks
- Docker Deployment — volume configuration