mirror of
https://github.com/goauthentik/authentik
synced 2026-04-27 18:07:15 +02:00
b96c477b6a
* Clean up PostgreSQL documentation * Overview * SSL wording * Conn age * Schema text * Replica line * Direct tip * Backup text * Restore text * Access text * Copy text * Issue text * Sentence case * Section intro * Primary reads * Username text * Password text * TLS modes * Health checks * Replica case * Replica intro * Backup guides * Docker intro * Stop stack * Stop wording * Backup alt * Dump wording * Remove alt * Network note * Verify login * Dump safety * Log names
43 lines
3.6 KiB
Markdown
43 lines
3.6 KiB
Markdown
---
|
||
title: Backup and restore your authentik instance
|
||
sidebar_label: Backup & Restore
|
||
---
|
||
|
||
This guide outlines the critical components to back up and restore in authentik.
|
||
|
||
## PostgreSQL database
|
||
|
||
The PostgreSQL database is the most important part of an authentik backup. Without it, authentik cannot be restored to a usable state.
|
||
|
||
### Backup
|
||
|
||
- The PostgreSQL database stores all persistent authentik data, including users, policies, flows, and configuration.
|
||
- Loss of this database means full application data loss.
|
||
- Use PostgreSQL-native tooling such as [`pg_dump`](https://www.postgresql.org/docs/current/app-pgdump.html), [`pg_dumpall`](https://www.postgresql.org/docs/current/app-pg-dumpall.html), or [continuous archiving](https://www.postgresql.org/docs/current/continuous-archiving.html).
|
||
- Exclude the PostgreSQL system databases `template0` and `template1`.
|
||
- Keep backups somewhere other than the database host when possible.
|
||
|
||
### Restore
|
||
|
||
- Restore the PostgreSQL database before bringing authentik back into service.
|
||
- Use PostgreSQL-native restore tooling such as [`pg_restore`](https://www.postgresql.org/docs/current/app-pgrestore.html) or `psql`, depending on how the backup was created.
|
||
- Verify that the restored database is complete before reconnecting authentik.
|
||
|
||
For deployment-specific PostgreSQL upgrade guides, see:
|
||
|
||
- [Upgrade PostgreSQL on Docker Compose](../../troubleshooting/postgres/upgrade_docker.md)
|
||
- [Upgrading PostgreSQL on Kubernetes](../../troubleshooting/postgres/upgrade_kubernetes.md)
|
||
|
||
For PostgreSQL connection settings, TLS, replicas, and pooler compatibility, see the [PostgreSQL configuration reference](../../install-config/configuration/configuration.mdx#postgresql-settings).
|
||
|
||
## Static directories
|
||
|
||
These directories are mounted as volumes in containerized installations and must be restored if they were part of the backup to maintain authentik’s expected functionality.
|
||
|
||
| Directory | Purpose | Backup and Restore Notes |
|
||
| ----------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||
| **`/data`** | Stores application icons, flow backgrounds, uploaded files, and CSV reports. | Only required if not using S3 external storage. External storage should be backed up using the [AWS S3 Sync](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) utility. |
|
||
| **`/certs`** | Stores TLS certificates in the filesystem. | Backup if you rely on these certificates present in the filesystem. Not needed if authentik has already imported them, as certificates are stored in the database. |
|
||
| **`/custom-templates`** | Stores custom changes to the authentik UI. | Required if you modified authentik's default appearance. |
|
||
| **`/blueprints`** | Stores blueprints. | Optional but recommended if using custom blueprints. |
|