How to Back Up the PSaaS Appliance Using the CLI
You may use the PSaaS Appliance CLI to perform a Mongo backup on a specific node.
Beginning with version
11638, the backup doesn't include sensitive configuration information such as encryption keys.
Access Token Structure
Prior to Beginning the Backup
Please ensure that:
- You have configured the Command Line Interface on your PSaaS Appliance instances;
- The node has disk space equal to or greater than twice the amount of Auth0 data present.
Please be aware that we use the following sample values throughout this document:
- IP address of the node on the replica set to be backed up:
192.168.1.186. Generically, the node may also be referred to as
- Password used for encryption:
- The replica set connection string:
Opaque Access Tokens
Generate a New Backup
To initiate a backup, run the following command in your local command-line interface:
For example, if you were to run the above command using the provided sample values, you would run:
If the command successfully begins the backup process, you will see the message, "Backup in progress."
The backup will be encrypted using the
JSON Web Token Access Tokens
Back up Sensitive Configuration Info
Beginning with PSaaS Appliance version
backup command does not save sensitive configuration information such as encryption keys. You need to manually back up these keys (and any other sensitive information) if you want to fully recover an PSaaS Appliance installation using a backup copy.
To do this, you can use the
backup-sensitive command, which works the same way as
backup. You must run the command on a node where you previously ran
The full instructions (along with the commands you'll need to run) are as follows:
- Request a backup:
a0cli -t node_IP_address backup-sensitive --password 0therPassw0rd;
- Check the status of a backup:
a0cli -t node_IP_address backup-sensitive-status;
- Retrieve backup of sensitive information:
a0cli -t node_IP_address backup-sensitive-retrieve;
- Delete the sensitive backup from the node:
a0cli -t node_IP_address backup-sensitive-delete.
Access Token Security
Check the Status of the Backup
You can check on the status of a backup (or whether a backup exists) by running the following command in your local command-line instance:
If a backup is available, you will see a message similar to the following:
Access Token Lifetime
Retrieve an Existing Backup
Before retrieving a backup, we recommend checking to see if there is one first.
To retrieve an existing backup, you will use the "backup-retrieve" message in your local command-line instance:
This will download the backup inside of a file called
Auth0 recommends checking the md5sum of the retrieved file against that received as part of the back-up status message.
Please remember that the files are encrypted using the
Delete a Backup
To delete an existing backup, you will use the "backup-delete" message in your local command-line instance:
Restore a Backup
To restore a backup, please open up a ticket requesting assistance via the Auth0 Support Center.