Restore a backup¶
Pre-requisites¶
To restore a Vault Backup, ensure you:
Have a Vault cluster deployed.
Your Vault deployment is in active idle state.
Have access to S3 storage where your backup is saved.
Have access to the unseal keys and root-token used by the Vault cluster at the time of creating the backup.
Once the prerequisites are in place you can run the restore-backup action on the leader unit to restore the specified backup, providing the following parameters to the action:
backup-id: Identifier of the backup you are attempting to restore, as saved on the S3 storage.
juju run vault/leader restore-backup backup-id=<backup-id>
The restored Vault will be unsealed and it will require to be unsealed an authorised using root token and unseal key that were in use at the time of creating the backup.
List backups¶
You can get a list of the identifiers of all the backups that are stored on the configured S3 storage using the list-backups action:
juju run vault/leader list-backups
Restore Backups created in different environments¶
To restore a snapshot that wasn’t created using the Vault charm’s create-backup action, you’ll need to manually upload it to the S3 storage accessible by the Vault charm where the restore-backup action will run.
Connect to your S3 storage
Use the same bucket configured in step 1 to store the snapshot
Use the ID of the stored snapshot to run the restore backup action