Skip to main content
Version: latest

Backup and recovery

This article covers backup and recovery for both SaaS and on-premises deployments.

SaaS: platform-managed backups

VaultPAM manages backups automatically for SaaS customers. You do not need to configure or schedule anything.

PropertyValue
FrequencyDaily encrypted snapshots
Retention30 days
RPO24 hours
RTO4 hours
EncryptionAES-256 at rest; backups stored in GCP europe-central2

To request a restore (for example, after accidental bulk deletion), email support@vaultpam.com with your organisation name, the date to restore to, and the data scope (full tenant or specific resource).

On-premises: manual backup procedure

For on-premises deployments, you are responsible for scheduling and verifying backups.

Backing up your deployment

  1. Stop any write-heavy workloads or schedule backups during a low-traffic window.
  2. Back up the PostgreSQL database by connecting to your PostgreSQL host and running a pg_dump to a secure off-host location.
  3. Export session recordings from MinIO using the MinIO client to sync the recordings bucket to your backup storage.
  4. Export connector configuration: in the VaultPAM console, go to Admin > Connectors and export the connector inventory.
  5. Verify the backup files are readable and not empty.
  6. Store backups in at least two geographically separate locations.

Restoring your deployment

Restore overwrites all data after the backup timestamp

Restoring from backup will overwrite all data created after the backup timestamp. Session recordings, audit log entries, credentials, and configuration changes made after the backup date will be permanently lost. This action cannot be undone.

  1. Stop the VaultPAM control-plane services before starting the restore.
  2. Restore the PostgreSQL database from the dump file.
  3. Restore MinIO recordings from your backup storage.
  4. Restart the control-plane services.
  5. Log in as Org Admin and verify that resources, Safes, and audit log entries are present.
  6. Test a session launch against a known resource to confirm connectivity.
Test your recovery regularly

Schedule quarterly restore tests using a staging environment. A backup you have never tested is not a backup you can rely on.