Backup & Restore¶
Protecting your SentriKat data is critical. This guide covers database backups, Docker volume management, and disaster recovery procedures.
What to Back Up¶
| Component | Default Location | Contains |
|---|---|---|
| PostgreSQL database | Docker volume sentrikat_postgres_data (or ${STORAGE_ROOT}/postgres with storage override) | All application data |
| Application data | Docker volume sentrikat_data (or ${STORAGE_ROOT}/data with storage override) | Uploads, encryption key |
| Backup files | ${BACKUP_DIR} (or ${STORAGE_ROOT}/backups) | .sql.gz database dumps |
.env file | SentriKat install directory | Configuration and secrets |
| Certificates | ./certs/ directory | SSL/TLS and SAML certificates |
| License file | .env or Admin > License | Your signed license key |
Custom storage paths
If you use STORAGE_ROOT with docker-compose.storage.yml, your database files live at ${STORAGE_ROOT}/postgres and backups at ${STORAGE_ROOT}/backups. See Configuration — Storage Paths.
Warning
The ENCRYPTION_KEY in your .env is required to decrypt sensitive data (API keys, LDAP passwords). If you lose this key, encrypted fields cannot be recovered. Always include .env in your backups.
Database Backup¶
Manual Backup¶
# Create a SQL dump
docker compose exec sentrikat-db pg_dump -U sentrikat sentrikat > backup_$(date +%Y%m%d_%H%M%S).sql
# Compressed backup
docker compose exec sentrikat-db pg_dump -U sentrikat -Fc sentrikat > backup_$(date +%Y%m%d_%H%M%S).dump
Automated Daily Backups¶
Add a backup service to your docker-compose.yml:
services:
backup:
image: prodrigestivill/postgres-backup-local
environment:
POSTGRES_HOST: sentrikat-db
POSTGRES_DB: sentrikat
POSTGRES_USER: sentrikat
POSTGRES_PASSWORD: ${DB_PASSWORD}
SCHEDULE: "@daily"
BACKUP_KEEP_DAYS: 7
BACKUP_KEEP_WEEKS: 4
BACKUP_KEEP_MONTHS: 6
HEALTHCHECK_PORT: 8080
volumes:
- ./backups:/backups
depends_on:
- sentrikat-db
Start the backup service:
Backups are stored in ./backups/ by default, with automatic rotation. If you use STORAGE_ROOT, the built-in scripts/backup_database.sh writes to ${BACKUP_DIR} (derived from ${STORAGE_ROOT}/backups by docker-entrypoint.sh).
Cron-Based Backup¶
Alternatively, use a system cron job:
# Add to crontab (crontab -e)
0 2 * * * cd /opt/sentrikat && docker compose exec -T sentrikat-db pg_dump -U sentrikat -Fc sentrikat > /opt/sentrikat/backups/backup_$(date +\%Y\%m\%d).dump 2>&1
Tip
Use the -Fc (custom format) flag for pg_dump to enable selective restore and compression. Custom-format dumps are significantly smaller than plain SQL.
Database Restore¶
From SQL Dump¶
# Stop the application (keep database running)
docker compose stop sentrikat
# Drop and recreate the database
docker compose exec sentrikat-db psql -U sentrikat -c "DROP DATABASE sentrikat;"
docker compose exec sentrikat-db psql -U sentrikat -c "CREATE DATABASE sentrikat;"
# Restore the backup
docker compose exec -T sentrikat-db psql -U sentrikat sentrikat < backup_20240101_020000.sql
# Start the application
docker compose up -d sentrikat
From Custom-Format Dump¶
# Stop the application
docker compose stop sentrikat
# Restore using pg_restore
docker compose exec -T sentrikat-db pg_restore -U sentrikat -d sentrikat --clean --if-exists < backup_20240101.dump
# Start the application
docker compose up -d sentrikat
Docker Volume Backup¶
For a full backup including the PostgreSQL data directory:
Export Volume¶
# Stop all services
docker compose down
# Back up the postgres volume
docker run --rm \
-v sentrikat_postgres_data:/data \
-v $(pwd)/backups:/backup \
alpine tar czf /backup/postgres_volume_$(date +%Y%m%d).tar.gz -C /data .
Restore Volume¶
# Ensure services are stopped
docker compose down
# Recreate and restore the volume
docker volume create sentrikat_postgres_data
docker run --rm \
-v sentrikat_postgres_data:/data \
-v $(pwd)/backups:/backup \
alpine tar xzf /backup/postgres_volume_20240101.tar.gz -C /data
# Start services
docker compose up -d
Full Disaster Recovery¶
Follow this procedure to restore SentriKat on a new server.
Step 1: Install Prerequisites¶
# Install Docker and Docker Compose on the new server
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
Step 2: Restore Configuration¶
Copy the following from your backup to the new server:
- The SentriKat installation directory (or re-download from the Customer Portal)
- Your
.envfile with all secrets and theSENTRIKAT_LICENSEkey - Certificate files from
./certs/
Step 3: Restore Database¶
# Start only the database
docker compose up -d sentrikat-db
# Wait for PostgreSQL to be ready
sleep 10
# Restore the backup
docker compose exec -T sentrikat-db psql -U sentrikat sentrikat < backup.sql
# Start all services
docker compose up -d
Step 4: Verify¶
# All services healthy
docker compose ps
# The app answers (200, or a redirect to login)
curl -s -o /dev/null -w "%{http_code}\n" http://localhost:5000/
# Check the application logs — migrations apply automatically at boot
docker compose logs sentrikat | tail -50
Step 5: Rebind License (If Needed)¶
If the new server generates a different Installation ID:
- Go to Admin > License and copy the new Installation ID
- Log into portal.sentrikat.com
- Rebind your license to the new Installation ID
- Update
SENTRIKAT_LICENSEin your.envand restart
See Licensing & Activation for details.
Backup Verification¶
Regularly test your backups by restoring to a staging environment — a second copy of the stack extracted into a separate directory on a non-production host:
# In the staging copy of the install directory (own .env, own volumes)
docker compose up -d
# Restore the backup into the staging database
docker compose exec -T sentrikat-db psql -U sentrikat sentrikat < backup.sql
# Verify: services healthy and the app answers
docker compose ps
curl -s -o /dev/null -w "%{http_code}\n" http://localhost:5000/
Warning
Never test restores against your production database. Always use an isolated environment.
Backup Checklist¶
- Database backups run daily
- Backup retention policy covers at least 30 days
-
.envfile is backed up securely (contains secrets) - Certificates are included in backups
- Restore procedure tested at least quarterly
- Backups stored off-server (network share, cloud storage, or tape)
Next Steps¶
- Docker deployment for production hardening
- Configuration for environment variable reference
- Organizations to manage data across tenants