Backup & Recovery
AIIA data is stored across PostgreSQL (structured data), MinIO (evidence files), and Redis (cache). This guide covers backup and recovery procedures for production deployments.
What to Back Up
| Component | Data | Priority |
|---|---|---|
| PostgreSQL | All audit data (engagements, findings, workpapers, KRIs, etc.) | Critical |
| MinIO | Evidence files, report PDFs, exports | Critical |
| Keycloak DB | User accounts, roles, SSO configuration | High |
| Redis | Session cache (ephemeral — can be rebuilt) | Low |
| Configuration | .env, Docker Compose files, SSL certificates | High |
PostgreSQL Backup
Automated Backups (Recommended)
Configure pg_dump via cron job:
# Daily full backup at 2 AM
0 2 * * * pg_dump -U admin -h localhost -d aiia -Fc > /backups/aiia_$(date +\%Y\%m\%d).dump
Manual Backup
docker exec aiia-postgres pg_dump -U admin -d aiia -Fc > backup.dump
Restore
docker exec -i aiia-postgres pg_restore -U admin -d aiia --clean < backup.dump
MinIO Backup
Using MinIO Client (mc)
# Mirror all buckets
mc mirror minio/aiia-evidence /backups/minio/evidence
mc mirror minio/aiia-reports /backups/minio/reports
Using rsync
rsync -av /path/to/minio/data /backups/minio/
Recovery Procedures
Full Recovery
- Restore PostgreSQL from the latest dump
- Restore MinIO files from backup
- Restart all services via
docker compose up -d - Verify data integrity (check finding counts, evidence hashes)
- Run health checks on all endpoints
Point-in-Time Recovery
If PostgreSQL WAL archiving is configured:
- Stop the database
- Restore base backup
- Apply WAL logs up to the desired timestamp
- Start the database and verify
Best Practices
- Test recovery procedures regularly
- Store backups in a separate location (off-site or different cloud region)
- Encrypt backup files at rest
- Retain backups according to your organization's retention policy
- Monitor backup job success/failure via alerts
- Document recovery procedures and keep them up to date