Database-level backup and restore
Learn how to use the pvault-dump and pvault-restore command-line utilities
psql are command-line utilities that enable you to backup and restore PostgreSQL databases. Vault uses these utilities in
pvault-restore to enable you to back up and restore your Vault.
pvault-restore are bundled with every Vault image and can be accessed using Docker run commands, as follows:
alias pvault-dump="docker run -i --entrypoint pvault-dump -v $(pwd):/pwd -w /pwd [image]"
alias pvault-restore="docker run -i --entrypoint pvault-restore -v $(pwd):/pwd -w /pwd [image]"
pvault-dump utility wraps
pg_dump and is used to create a backup of Vault. It creates a file that contains the instructions required to recreate the Vault. The backup file is compressed to save space and includes the schema and the data.
pvault-dump [connection string] > [output file]
To connect to a PostgreSQL database, you need to provide a
connection string that includes the following parameters:
addr: the IP address or hostname of the server where the PostgreSQL database is running.
port: the port number on which the PostgreSQL server is listening.
dbname: the name of the database you want to connect to.
user: the username used to authenticate to the database.
password: the password associated with the user account.
host=%s port=%d dbname=%s user=%s password=%s
pvault-dump addr=<DB hostname> port=5432 dbname=mydb user=myuser password=mypassword > backup.gz
PostgreSQL URL notation
The connection string also supports PostgreSQL URL syntax:
pvault-dump postgresql://$user:$password@$addr:$port/$dbname > backup.gz
Where a parameter is not given in the connection string, the following default values are used:
pvault-restore utility uses psql to restore a backup from the Vault created by pvault-dump. It replaces the original database with the contents of the backup file.
pvault-restore [connection string] < [file name]
pvault-restore addr=<DB hostname> port=5432 dbname=pvault user=pvault password=pvault < backup.gz
After pg-restore restart all of your Vault instances
Ensure that the container is running and that the parameters match the settings in the container.