Back Up and Retain Data

Backups must preserve both access state and evidence state. A restore that loses audit, revocation, keys, or delegation data can produce unsafe or unauditable behavior.

| Asset | Why it matters |
| --- | --- |
| Postgres database | Product state, policies, grants, sessions, audit events, agents, delegations, outboxes, gateway bindings. |
| Runtime secrets | Database/Redis credentials, admin token, Coordinator token, zone KEK, HMAC keys, service exchange keys. |
| STS/Gateway replay volumes | Audit replay files written during Redis/Audit outages. |
| Redis snapshot or managed backup | Optional operational recovery for stream pending entries; Postgres remains authoritative. |
| Audit exports | Long-term evidence and SIEM/compliance integration. |
```mermaid
flowchart LR
  PG[(Postgres)] --> Backup[Encrypted backup]
  Secrets[Secret manager] --> Backup
  Replay[Replay volumes] --> Backup
  Audit[Audit export] --> Archive[Immutable archive]
  Backup --> RestoreTest[Scheduled restore test]
```
| Area | Controls |
| --- | --- |
| Audit database | `AUDIT_RETENTION_DAYS`, partitions, audit export watermarks. |
| Coordinator data | `DELEGATION_RETENTION_DAYS`, `OUTBOX_RETENTION_DAYS`, sweeper intervals. |
| Redis streams | Provisioner intended max lengths and managed Redis retention. |
| Backups | Platform backup policy and legal/compliance requirements. |
  1. Restore Postgres into an isolated environment.
  2. Restore required secrets into the environment secret store.
  3. Run migration verification.
  4. Start services and verify /ready.
  5. Confirm audit query, policy-set activation state, Gateway bindings, sessions, agents, and delegation records.
  6. Run a canary token exchange and protected Gateway request.
| Symptom | Check |
| --- | --- |
| Restored STS cannot decrypt keys | `ZONE_KEK` does not match the database secrets. |
| Audit chain verification fails | Missing audit rows, wrong `AUDIT_HMAC_KEY`, or partial restore. |
| Gateway cannot route | Missing gateway binding rows or stale binding revision. |
| Revocation state is incomplete | Restore Postgres revocation/session state and replay Redis revocation events where needed. |
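The "audit chain verification fails" row lists three causes that look identical from the outside. The following added example (not the product's own verifier) shows how a post-restore check can tell them apart; it assumes a hypothetical HMAC-chained audit table where each row carries `seq`, `prev_mac` and `mac`, and where `mac = HMAC-SHA256(key, prev_mac || seq || canonical payload)`. The export watermark is the last sequence number the audit export recorded before the backup was taken.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # prev_mac of the first row in the hypothetical chain layout


def row_mac(key: bytes, prev_mac: str, seq: int, payload: Dict) -> str:
    """HMAC over the previous MAC, the sequence number and the canonical JSON payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + str(seq).encode() + canonical, hashlib.sha256).hexdigest()


def build_chain(key: bytes, events: List[Dict]) -> List[Dict]:
    """Produce chained rows from a list of event payloads (used here to construct sample data)."""
    rows, prev = [], GENESIS
    for seq, payload in enumerate(events, start=1):
        mac = row_mac(key, prev, seq, payload)
        rows.append({"seq": seq, "payload": payload, "prev_mac": prev, "mac": mac})
        prev = mac
    return rows


def verify_chain(key: bytes, rows: List[Dict], export_watermark: int) -> Tuple[str, Optional[int]]:
    """Walk the restored rows and classify the first failure.

    Returns (status, seq): 'ok', 'wrong_key' (row 1 fails under the configured
    AUDIT_HMAC_KEY), 'missing' (sequence gap, i.e. deleted or unrestored rows),
    'modified' (a later row's MAC does not match its content) or 'partial'
    (chain is intact but ends before the export watermark).
    """
    prev, expected_seq = GENESIS, 1
    for row in rows:
        if row["seq"] != expected_seq:
            return ("missing", expected_seq)
        if not hmac.compare_digest(row_mac(key, prev, row["seq"], row["payload"]), row["mac"]):
            return ("wrong_key", 1) if row["seq"] == 1 else ("modified", row["seq"])
        prev, expected_seq = row["mac"], row["seq"] + 1
    if expected_seq <= export_watermark:
        return ("partial", expected_seq)  # first sequence number that should exist but does not
    return ("ok", None)


# Constructed sample data: three events signed with a constructed key.
SAMPLE_KEY = b"constructed-audit-hmac-key"
SAMPLE_EVENTS = [
    {"type": "session.create", "subject": "agent-1"},
    {"type": "policy_set.activate", "policy_set": "ps-7"},
    {"type": "token.revoke", "jti": "constructed-jti"},
]
SAMPLE_ROWS = build_chain(SAMPLE_KEY, SAMPLE_EVENTS)
```

Run the verifier with the key from the restored secret store and the watermark from the last audit export; a `partial` result points at the backup window, `wrong_key` at the secret restore, and `missing` or `modified` at the database restore itself.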

Use Respond to Incidents to define containment, evidence preservation, and recovery validation.