Backup and Recovery

AIStor Key Manager supports snapshot backups of its state, which includes data such as encryption keys, enclaves, policies, and identities. The backups do not contain cluster configuration, such as which servers participate in the cluster or the configuration file used to start Key Manager.

Key Manager backups exist specifically to restore cryptographic operations to normal status after the complete loss of every host in a cluster. As long as at least one node remains online and healthy, Key Manager can return to normal operation without a backup.

Key Manager encrypts the values in its key database with a configured Hardware Security Module (HSM) key, while storing non-sensitive data such as schemas and key names in plaintext. See Security and HSM Key Management for more information on HSM security.

All backup and recovery operations require running commands as the root user.

Back up your cluster state

Use the minkms backup command to create a new backup snapshot. You can also use minkms help backup to review the CLI help interface.

The following example commands create a backup snapshot; they apply to both Linux and Kubernetes Key Manager clusters.

export MINIO_KMS_SERVER=https://keymanager1.example.net:7373
minkms backup --api-key k1:ROOT_API_KEY

On success, this creates a gzip-compressed backup file and prints its name. The filename resembles YYYYMMDD_HHMMSS_kms.db.gzip. You can alternatively specify the filename as a parameter to the command.

To disable compression of the backup, add --compress off to the command.

See the minkms backup reference for additional usage.
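The following is an added example, not code from the AIStor Key Manager documentation: a POSIX shell wrapper that takes a snapshot and verifies it (name pattern, non-empty, gzip integrity) before it leaves the host, recording a SHA-256 digest that can be re-checked before a cluster recovery. It assumes minkms is on PATH, that the hypothetical variable MINKMS_API_KEY holds the k1:... root key, and that the output filename is passed as a positional argument after the flags.

```shell
#!/bin/sh
# Added example, not part of the AIStor Key Manager documentation.
# verify_kms_backup checks a snapshot produced by `minkms backup`: expected name
# pattern YYYYMMDD_HHMMSS_kms.db.gzip, non-empty, gzip integrity intact. On
# success it prints the file's SHA-256 so the digest can be stored separately
# and re-checked before the snapshot is used in a cluster recovery.
verify_kms_backup() {
    f="$1"
    base=$(basename "$f")
    case "$base" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9]_kms.db.gzip) ;;
        *) echo "unexpected backup name: $base" >&2; return 1 ;;
    esac
    [ -s "$f" ] || { echo "empty or missing backup: $f" >&2; return 1; }
    # gzip -t decompresses to nowhere and fails on a truncated or corrupt archive
    gzip -t "$f" 2>/dev/null || { echo "gzip integrity check failed: $f" >&2; return 1; }
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$f" | awk '{print $1}'
    else
        shasum -a 256 "$f" | awk '{print $1}'
    fi
}

# run_kms_backup takes a snapshot into a destination directory and records its
# digest in a .sha256 sidecar. Assumptions (not confirmed by the docs): minkms
# is on PATH, MINKMS_API_KEY is a hypothetical variable holding the k1:... root
# key, and the output filename is passed positionally after the flags.
run_kms_backup() {
    dest_dir="${1:-/var/backups/kms}"
    [ -n "$MINIO_KMS_SERVER" ] || { echo "MINIO_KMS_SERVER is not set" >&2; return 1; }
    [ -n "$MINKMS_API_KEY" ] || { echo "MINKMS_API_KEY is not set" >&2; return 1; }
    mkdir -p "$dest_dir"
    chmod 700 "$dest_dir"   # the snapshot is the key database; keep it root-only
    name="$(date -u +%Y%m%d_%H%M%S)_kms.db.gzip"
    minkms backup --api-key "$MINKMS_API_KEY" "$dest_dir/$name" || return 1
    digest=$(verify_kms_backup "$dest_dir/$name") || return 1
    printf '%s  %s\n' "$digest" "$name" > "$dest_dir/$name.sha256"
    echo "$dest_dir/$name"
}
```

Before a recovery, run `verify_kms_backup` on the snapshot and compare its output with the stored .sha256 sidecar so a truncated or altered file is caught before it is restored.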

Recovering from node failure

For any single Key Manager node failure, recovery requires re-initializing the failed node and re-joining it to the cluster:

Single node failures do not require a backup snapshot for restoration and recovery.

Recovering from cluster failure

For total losses where all cluster nodes fail and lose their on-disk state, recovery requires initializing a single node, restoring from backup, and scaling back up to full cluster size:

Cluster recovery requires a backup snapshot and access to the original HSM keys used when creating the backup.