Skip to main content

Vault API backup and restore

Vault provides two commands to implement backup and restore: pvault export for backup and pvault import for restore. These commands use the Vault APIs and do not require direct access to the Database. Note that some of these APIs are internal and intended to be used only from the CLI.

The following use cases are supported with the CLI:

  1. Export Vault data to an encrypted file that you can copy anywhere for safekeeping.
  2. Restore Vault data from an encrypted export file.
  3. Migrate data from one Vault cluster to another cluster (e.g. from one cloud provider to another, from on-prem to the cloud and vice versa).
  4. Take away your data by exporting Vault data to an encrypted file, and running a specific script to open the encryption and save your data in a standard JSON lines file.

The exported archive

The exported archive includes collection schemas, the IAM configuration file, custom data type specifications, custom data type bundles, and the data. The exported archive is encrypted with a dedicated key to protect from data leakage.

The CLI

Learn how to run the CLI in the Data import and export section.

On this page