---
title: "Store State"
url: "https://docs.caracal.run/architecture/storage-model/"
markdown_url: "https://docs.caracal.run/markdown/architecture/storage-model.md"
description: "Durable Postgres tables, Redis streams, replay files, and ownership boundaries."
page_type: "architecture"
concepts: []
requires: []
---

# Store State


Caracal separates durable state from propagation state.

| Store | Role |
| --- | --- |
| Postgres | Durable product, authority, audit, coordination, and outbox state. |
| Redis Streams | Event propagation, invalidation, revocation, and consumer coordination. |
| Replay volumes | Temporary audit emission buffer for STS and Gateway. |
| Secret manager/files | Runtime credentials and HMAC/encryption material. |

## Postgres Ownership

| Domain | Tables |
| --- | --- |
| Product model | `zones`, `providers`, `applications`, `resources`, `application_dependencies` |
| Authority | `sessions`, `delegated_grants`, `provider_grants`, `step_up_challenges` |
| Policy | `policies`, `policy_versions`, `policy_sets`, `policy_set_versions`, `policy_set_bindings` |
| Audit | `audit_events`, partitions, `audit_export_watermark`, `audit_ingest_alerts`, `admin_audit_events` |
| Agents | `agent_sessions`, `agent_topology`, `agent_services`, `agent_invocations`, `delegation_edges`, `delegation_graph_epochs` |
| Operations | `event_outbox`, `caracal_outbox`, `admin_tokens`, `gateway_resource_bindings`, `gateway_binding_revision`, `resource_rate_limits` |

## Integrity Controls

- Migrations are forward-only in production tooling.
- `schema_migrations` records applied versions.
- The audit role cannot update or delete rows in `audit_events`.
- Policy versions are immutable.
- Zone-scoped tables use fail-closed row-level security.
- Audit partitions are maintained for the rolling window.
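
The fail-closed row-level security and append-only audit controls above can be sketched in PostgreSQL as follows. This is an added example, not Caracal's own schema or migrations: the `demo_*` tables and roles, the `zone_id` column, and the `app.zone_id` session setting are all assumptions made for illustration, and the script assumes a superuser session in a scratch database.

```sql
-- Added illustration. Table, column, role, and setting names are assumptions,
-- not Caracal's schema. Assumes a scratch database and a superuser session.
CREATE ROLE demo_app NOLOGIN;
CREATE ROLE demo_audit NOLOGIN;

CREATE TABLE demo_zone_items (
    id      bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    zone_id uuid NOT NULL,
    name    text NOT NULL
);
CREATE TABLE demo_audit_events (
    id      bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    zone_id uuid NOT NULL,
    payload jsonb NOT NULL
);

-- Constructed sample rows, inserted before switching to a restricted role.
INSERT INTO demo_zone_items (zone_id, name) VALUES
    ('11111111-1111-1111-1111-111111111111', 'zone-one-item'),
    ('22222222-2222-2222-2222-222222222222', 'zone-two-item');
INSERT INTO demo_audit_events (zone_id, payload) VALUES
    ('11111111-1111-1111-1111-111111111111', '{"action": "constructed"}');

-- Fail-closed RLS: once enabled, rows are visible only when a policy passes.
ALTER TABLE demo_zone_items ENABLE ROW LEVEL SECURITY;
ALTER TABLE demo_zone_items FORCE ROW LEVEL SECURITY;  -- also binds the table owner

-- current_setting(name, true) is NULL when the setting was never set and can
-- be '' after a RESET; NULLIF folds both into NULL, so the predicate is never
-- true without an explicit zone and no rows qualify.
CREATE POLICY zone_isolation ON demo_zone_items
    USING      (zone_id = NULLIF(current_setting('app.zone_id', true), '')::uuid)
    WITH CHECK (zone_id = NULLIF(current_setting('app.zone_id', true), '')::uuid);
GRANT SELECT, INSERT, UPDATE, DELETE ON demo_zone_items TO demo_app;

-- Append-only audit access: grant INSERT and SELECT, never UPDATE or DELETE.
REVOKE ALL ON demo_audit_events FROM PUBLIC;
GRANT SELECT, INSERT ON demo_audit_events TO demo_audit;

-- Check 1: query with no zone in the session, then with one zone selected.
SET ROLE demo_app;
SELECT name FROM demo_zone_items;
SET app.zone_id = '11111111-1111-1111-1111-111111111111';
SELECT name FROM demo_zone_items;
RESET app.zone_id;
RESET ROLE;

-- Check 2: list the privileges the audit role holds on the audit table.
SELECT privilege_type FROM information_schema.role_table_grants
WHERE table_name = 'demo_audit_events' AND grantee = 'demo_audit';
```

Superusers and roles with `BYPASSRLS` are exempt from row-level security, so run the checks under the restricted role rather than the session that created the tables.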

## Redis Ownership

Redis keeps delivery state, pending entries, consumer groups, rate-limit coordination, and revocation/invalidation streams. Redis does not replace Postgres for durable product state.

## Restore Priority

1. Postgres and runtime secrets.
2. STS/Gateway replay volumes.
3. Redis streams/pending entries when available.
4. Audit exports and SIEM archive.

## Next Step

Use [Manage Keys](/architecture/crypto-keys/) to understand how signing, encryption, and HMAC keys protect stored and propagated state.

## Related Pages

- [Operate PostgreSQL](/operations/postgres/)
- [Operate Redis Streams](/operations/redis/)
- [Back Up and Retain Data](/operations/backup-retention/)
